# Flog Txt Version 1 # Analyzer Version: 4.1.1 # Analyzer Build Date: Feb 8 2021 16:19:57 # Log Creation Date: 09.04.2021 22:39:08.565 Process: id = "1" image_name = "windowsformsapp1.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\windowsformsapp1.exe" page_root = "0x598d2000" os_pid = "0x6d4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x838" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001d5b8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 5 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 6 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 7 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 8 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 9 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 10 start_va = 0x400000 end_va = 0x551fff monitored = 1 entry_point = 0x54c2e2 region_type = mapped_file name = "windowsformsapp1.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\windowsformsapp1.exe") Region: id = 11 start_va = 0x777c0000 end_va = 0x7793afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 12 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 13 start_va = 0xfffb0000 end_va = 0xfffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fffb0000" filename = "" Region: id = 14 start_va = 0xfffe0000 end_va = 0x7ff84634ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffe0000" filename = "" Region: id = 15 start_va = 0x7ff846350000 end_va = 0x7ff846510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 16 start_va = 0x7ff846511000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff846511000" filename = "" Region: id = 212 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 213 start_va = 0x77000000 end_va = 0x77079fff monitored = 0 entry_point = 0x77013290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 214 start_va = 0x77080000 end_va = 0x770cffff monitored = 0 entry_point = 0x77098180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 215 start_va = 0x765d0000 end_va = 0x766affff monitored = 0 entry_point = 0x765e3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 216 start_va = 0x770d0000 end_va = 0x770d7fff monitored = 0 entry_point = 0x770d17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 217 start_va = 0x6d0000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 218 start_va = 0x6ca00000 end_va = 0x6ca58fff monitored = 1 entry_point = 0x6ca10780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 219 start_va = 0x765d0000 end_va = 0x766affff monitored = 0 entry_point = 0x765e3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 220 start_va = 0x76750000 end_va = 0x768cdfff monitored = 0 entry_point = 0x76801b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 221 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 222 start_va = 0xffeb0000 end_va = 0xfffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000ffeb0000" filename = "" Region: id = 223 start_va = 0x560000 end_va = 0x61dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 224 start_va = 0x1d0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 225 start_va = 0x7fff0000 end_va = 0x7fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 226 start_va = 0x80000000 end_va = 0x8000ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000080000000" filename = "" Region: id = 227 start_va = 0x74360000 end_va = 0x743f1fff monitored = 0 entry_point = 0x743a0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 228 start_va = 0xffb00000 end_va = 0xffea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 229 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 230 start_va = 0x74910000 end_va = 0x7498afff monitored = 0 entry_point = 0x7492e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 231 start_va = 0x74840000 end_va = 0x748fdfff monitored = 0 entry_point = 0x74875630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 232 start_va = 0x620000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 233 start_va = 0x6d0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 234 start_va = 0x850000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 235 start_va = 0x75180000 end_va = 0x751c3fff monitored = 0 entry_point = 0x75199d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 236 start_va = 0x74480000 end_va = 0x7452cfff monitored = 0 entry_point = 0x74494f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 237 start_va = 0x74410000 end_va = 0x7442dfff monitored = 0 entry_point = 0x7441b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 238 start_va = 0x74400000 end_va = 0x74409fff monitored = 0 entry_point = 0x74402a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 239 start_va = 0x76a20000 end_va = 0x76a77fff monitored = 0 entry_point = 0x76a625c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 240 start_va = 0x950000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 241 start_va = 0x6c980000 end_va = 0x6c9f8fff monitored = 1 entry_point = 0x6c98f82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 242 start_va = 0x74430000 end_va = 0x74474fff monitored = 0 entry_point = 0x7444de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 243 start_va = 0x74530000 end_va = 0x746ecfff monitored = 0 entry_point = 0x74612a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 244 start_va = 0x74a40000 end_va = 0x74b8efff monitored = 0 entry_point = 0x74af6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 245 start_va = 0x74cb0000 end_va = 0x74df6fff monitored = 0 entry_point = 0x74cc1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 246 start_va = 0x660000 end_va = 0x689fff monitored = 0 entry_point = 0x665680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 247 start_va = 0xa50000 end_va = 0xbd7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 248 start_va = 0x74b90000 end_va = 0x74bbafff monitored = 0 entry_point = 0x74b95680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 249 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 250 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 251 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 252 start_va = 0xbe0000 end_va = 0xd60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 253 start_va = 0xd70000 end_va = 0x216ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d70000" filename = "" Region: id = 254 start_va = 0x2170000 end_va = 0x22bbfff monitored = 1 entry_point = 0x22bc2e2 region_type = mapped_file name = "windowsformsapp1.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\windowsformsapp1.exe") Region: id = 255 start_va = 0x74900000 end_va = 0x7490bfff monitored = 0 entry_point = 0x74903930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 256 start_va = 0x6c970000 end_va = 0x6c977fff monitored = 0 entry_point = 0x6c9717b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 257 start_va = 0x6c2b0000 end_va = 0x6c960fff monitored = 1 entry_point = 0x6c2c5d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 258 start_va = 0x6c1b0000 end_va = 0x6c2a4fff monitored = 0 entry_point = 0x6c204160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 259 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 260 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 261 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 262 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 263 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 264 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 265 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 266 start_va = 0x7d0000 end_va = 0x7d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 267 start_va = 0x7e0000 end_va = 0x7e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 268 start_va = 0x7f0000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 269 start_va = 0x2170000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 270 start_va = 0x950000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 271 start_va = 0xa40000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 272 start_va = 0x2170000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 273 start_va = 0x22b0000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 274 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 275 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 276 start_va = 0x22c0000 end_va = 0x42bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 277 start_va = 0x990000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 278 start_va = 0x2270000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 279 start_va = 0x42c0000 end_va = 0x43bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042c0000" filename = "" Region: id = 280 start_va = 0x43c0000 end_va = 0x46f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 281 start_va = 0x6af80000 end_va = 0x6c1a7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 282 start_va = 0x76930000 end_va = 0x76a1afff monitored = 0 entry_point = 0x7696d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 283 start_va = 0x4700000 end_va = 0x4790fff monitored = 0 entry_point = 0x4738cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 284 start_va = 0x704c0000 end_va = 0x70534fff monitored = 0 entry_point = 0x704f9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 285 start_va = 0x4700000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 286 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 287 start_va = 0x6aac0000 end_va = 0x6ab3dfff monitored = 1 entry_point = 0x6aac1140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 288 start_va = 0x74790000 end_va = 0x74821fff monitored = 0 entry_point = 0x747c8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 289 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 290 start_va = 0x6a110000 end_va = 0x6aabbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 291 start_va = 0x69f80000 end_va = 0x6a10cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 292 start_va = 0x69320000 end_va = 0x69f78fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 293 start_va = 0x810000 end_va = 0x810fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 294 start_va = 0x810000 end_va = 0x811fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 295 start_va = 0x751d0000 end_va = 0x765cefff monitored = 0 entry_point = 0x7538b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 296 start_va = 0x74750000 end_va = 0x74786fff monitored = 0 entry_point = 0x74753b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 297 start_va = 0x77220000 end_va = 0x77718fff monitored = 0 entry_point = 0x77427610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 298 start_va = 0x74c10000 end_va = 0x74c9cfff monitored = 0 entry_point = 0x74c59b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 299 start_va = 0x74bc0000 end_va = 0x74c03fff monitored = 0 entry_point = 0x74bc7410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 300 start_va = 0x74fe0000 end_va = 0x74feefff monitored = 0 entry_point = 0x74fe2e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 301 start_va = 0x830000 end_va = 0x830fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 302 start_va = 0x4700000 end_va = 0x478efff monitored = 0 entry_point = 0x470dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 303 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 304 start_va = 0x6aee0000 end_va = 0x6af71fff monitored = 0 entry_point = 0x6aeedd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 305 start_va = 0x47e0000 end_va = 0x491ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 306 start_va = 0x840000 end_va = 0x840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 307 start_va = 0x4700000 end_va = 0x47bbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004700000" filename = "" Region: id = 308 start_va = 0x840000 end_va = 0x843fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 309 start_va = 0xa30000 end_va = 0xa33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 310 start_va = 0x4920000 end_va = 0x4b2afff monitored = 0 entry_point = 0x49cb0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 314 start_va = 0x6ef70000 end_va = 0x6f17efff monitored = 0 entry_point = 0x6f01b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 315 start_va = 0x47c0000 end_va = 0x47c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 316 start_va = 0x47e0000 end_va = 0x47e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000047e0000" filename = "" Region: id = 317 start_va = 0x4910000 end_va = 0x491ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004910000" filename = "" Region: id = 318 start_va = 0x47f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 319 start_va = 0x6db50000 end_va = 0x6db6cfff monitored = 0 entry_point = 0x6db53b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 320 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 321 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 322 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 323 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 324 start_va = 0x6acb0000 end_va = 0x6ae1afff monitored = 0 entry_point = 0x6ad1e360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 325 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 326 start_va = 0x47f0000 end_va = 0x482ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 327 start_va = 0x4920000 end_va = 0x4a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004920000" filename = "" Region: id = 328 start_va = 0x6d340000 end_va = 0x6d530fff monitored = 0 entry_point = 0x6d423cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 329 start_va = 0x77100000 end_va = 0x7721efff monitored = 0 entry_point = 0x77145980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 330 start_va = 0x4830000 end_va = 0x4878fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 331 start_va = 0x4880000 end_va = 0x4883fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004880000" filename = "" Region: id = 332 start_va = 0x4a20000 end_va = 0x5a1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 333 start_va = 0x4890000 end_va = 0x4893fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004890000" filename = "" Region: id = 334 start_va = 0x5a20000 end_va = 0x5b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a20000" filename = "" Region: id = 335 start_va = 0x5b20000 end_va = 0x5c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b20000" filename = "" Region: id = 336 start_va = 0x5c20000 end_va = 0x6111fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005c20000" filename = "" Region: id = 337 start_va = 0x6120000 end_va = 0x61dcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 338 start_va = 0x61e0000 end_va = 0x65dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000061e0000" filename = "" Region: id = 339 start_va = 0x48a0000 end_va = 0x48dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048a0000" filename = "" Region: id = 340 start_va = 0x65e0000 end_va = 0x66dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065e0000" filename = "" Region: id = 341 start_va = 0x66e0000 end_va = 0x671ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066e0000" filename = "" Region: id = 342 start_va = 0x6720000 end_va = 0x681ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006720000" filename = "" Region: id = 343 start_va = 0x6820000 end_va = 0x6881fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 344 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 345 start_va = 0x6890000 end_va = 0x690ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006890000" filename = "" Region: id = 346 start_va = 0x6910000 end_va = 0x6a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006910000" filename = "" Region: id = 347 start_va = 0x691a0000 end_va = 0x69312fff monitored = 0 entry_point = 0x6924d220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 348 start_va = 0x6a60000 end_va = 0x6d6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a60000" filename = "" Region: id = 349 start_va = 0x6d70000 end_va = 0x6d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d70000" filename = "" Region: id = 350 start_va = 0x6d70000 end_va = 0x6d7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006d70000" filename = "" Region: id = 351 start_va = 0x6d80000 end_va = 0x6d8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006d80000" filename = "" Region: id = 352 start_va = 0x6d90000 end_va = 0x6d9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006d90000" filename = "" Region: id = 353 start_va = 0x4900000 end_va = 0x4900fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004900000" filename = "" Region: id = 354 start_va = 0x6da0000 end_va = 0x6da4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 355 start_va = 0x6db0000 end_va = 0x6db4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006db0000" filename = "" Region: id = 356 start_va = 0x6dc0000 end_va = 0x6dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006dc0000" filename = "" Region: id = 357 start_va = 0x6dc0000 end_va = 0x6dc3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006dc0000" filename = "" Region: id = 358 start_va = 0x6dd0000 end_va = 0x6dd4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006dd0000" filename = "" Region: id = 359 start_va = 0x6db0000 end_va = 0x6db0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 360 start_va = 0x6de0000 end_va = 0x7e1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 361 start_va = 0x7e20000 end_va = 0x7e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e20000" filename = "" Region: id = 362 start_va = 0x702c0000 end_va = 0x702d2fff monitored = 0 entry_point = 0x702c9950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 363 start_va = 0x70290000 end_va = 0x702befff monitored = 0 entry_point = 0x702a95e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 364 start_va = 0x740b0000 end_va = 0x740cafff monitored = 0 entry_point = 0x740b9050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 365 start_va = 0x7e30000 end_va = 0x7e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e30000" filename = "" Region: id = 366 start_va = 0x7e70000 end_va = 0x7f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e70000" filename = "" Region: id = 367 start_va = 0x7f70000 end_va = 0x806ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f70000" filename = "" Thread: id = 1 os_tid = 0x6cc [0113.868] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0115.515] RoInitialize () returned 0x1 [0115.515] RoUninitialize () returned 0x0 [0121.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x19ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0121.178] IsAppThemed () returned 0x1 [0121.194] CoTaskMemAlloc (cb=0xf0) returned 0x8a2bf0 [0121.195] CreateActCtxA (pActCtx=0x19f414) returned 0x8a376c [0121.429] CoTaskMemFree (pv=0x8a2bf0) [0121.501] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1e6 [0121.502] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1e5 [0128.201] CoTaskMemAlloc (cb=0x20c) returned 0x8b33e8 [0128.201] SHGetFolderPathW (in: hwnd=0x0, csidl=16, hToken=0x0, dwFlags=0x0, pszPath=0x8b33e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0128.262] CoTaskMemFree (pv=0x8b33e8) [0128.263] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x19ef1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0128.264] CoTaskMemAlloc (cb=0x20c) returned 0x8b33e8 [0128.264] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x8b33e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0128.268] CoTaskMemFree (pv=0x8b33e8) [0128.268] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19ef1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0128.268] CoTaskMemAlloc (cb=0x20c) returned 0x8b33e8 [0128.268] SHGetFolderPathW (in: hwnd=0x0, csidl=39, hToken=0x0, dwFlags=0x0, pszPath=0x8b33e8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Pictures") returned 0x0 [0128.271] CoTaskMemFree (pv=0x8b33e8) [0128.271] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures", nBufferLength=0x105, lpBuffer=0x19ef1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures", lpFilePart=0x0) returned 0x1e [0128.382] GetSystemMetrics (nIndex=75) returned 1 [0128.398] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0129.540] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6aee0000 [0129.797] AdjustWindowRectEx (in: lpRect=0x19f474, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x19f474) returned 1 [0129.824] GetCurrentProcess () returned 0xffffffff [0129.825] GetCurrentThread () returned 0xfffffffe [0129.825] GetCurrentProcess () returned 0xffffffff [0129.833] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19f38c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19f38c*=0x2ec) returned 1 [0129.856] GetCurrentThreadId () returned 0x6cc [0129.985] GetCurrentActCtx (in: lphActCtx=0x19f2ec | out: lphActCtx=0x19f2ec*=0x0) returned 1 [0129.985] ActivateActCtx (in: hActCtx=0x8a376c, lpCookie=0x19f2fc | out: hActCtx=0x8a376c, lpCookie=0x19f2fc) returned 1 [0129.986] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0131.934] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6ef70000 [0132.000] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74cb0000 [0132.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19f1b4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWQi\x81\x95Hí «+lhö\x19", lpUsedDefaultChar=0x0) returned 14 [0132.002] GetProcAddress (hModule=0x74cb0000, lpProcName="DefWindowProcW") returned 0x743907e0 [0132.103] GetStockObject (i=5) returned 0x1900015 [0132.121] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0132.497] CoTaskMemAlloc (cb=0x5c) returned 0x8aa4c8 [0132.497] RegisterClassW (lpWndClass=0x19f1a4) returned 0xc1e1 [0132.499] CoTaskMemFree (pv=0x8aa4c8) [0132.500] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0132.502] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x601f8 [0132.506] SetWindowLongW (hWnd=0x601f8, nIndex=-4, dwNewLong=1949894624) returned 76481982 [0132.510] GetWindowLongW (hWnd=0x601f8, nIndex=-4) returned 1949894624 [0132.567] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ea04 | out: phkResult=0x19ea04*=0x304) returned 0x0 [0132.570] RegQueryValueExW (in: hKey=0x304, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19ea24, lpData=0x0, lpcbData=0x19ea20*=0x0 | out: lpType=0x19ea24*=0x0, lpData=0x0, lpcbData=0x19ea20*=0x0) returned 0x2 [0132.570] RegQueryValueExW (in: hKey=0x304, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19ea24, lpData=0x0, lpcbData=0x19ea20*=0x0 | out: lpType=0x19ea24*=0x0, lpData=0x0, lpcbData=0x19ea20*=0x0) returned 0x2 [0132.571] RegCloseKey (hKey=0x304) returned 0x0 [0132.685] SetWindowLongW (hWnd=0x601f8, nIndex=-4, dwNewLong=76482022) returned 1949894624 [0132.686] GetWindowLongW (hWnd=0x601f8, nIndex=-4) returned 76482022 [0132.686] GetWindowLongW (hWnd=0x601f8, nIndex=-16) returned 113311744 [0132.690] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc14f [0132.846] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x601f8, Msg=0x24, wParam=0x0, lParam=0x19ed1c) returned 0x0 [0132.847] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc178 [0132.848] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x601f8, Msg=0x81, wParam=0x0, lParam=0x19ed10) returned 0x1 [0132.850] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x601f8, Msg=0x83, wParam=0x0, lParam=0x19ecfc) returned 0x0 [0133.476] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x601f8, Msg=0x1, wParam=0x0, lParam=0x19ed10) returned 0x0 [0133.477] GetClientRect (in: hWnd=0x601f8, lpRect=0x19ea3c | out: lpRect=0x19ea3c) returned 1 [0133.478] GetWindowRect (in: hWnd=0x601f8, lpRect=0x19ea3c | out: lpRect=0x19ea3c) returned 1 [0133.483] GetParent (hWnd=0x601f8) returned 0x0 [0133.484] DeactivateActCtx (dwFlags=0x0, ulCookie=0x14e50001) returned 1 [0134.267] EtwEventRegister (in: ProviderId=0x22c9cf8, EnableCallback=0x48f060e, CallbackContext=0x0, RegHandle=0x22c9cd4 | out: RegHandle=0x22c9cd4) returned 0x0 [0134.282] EtwEventSetInformation (RegHandle=0x8a9400, InformationClass=0x3e, EventInformation=0x2, InformationLength=0x22c9c68) returned 0x0 [0134.295] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0134.302] AdjustWindowRectEx (in: lpRect=0x19f388, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f388) returned 1 [0134.303] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0134.303] AdjustWindowRectEx (in: lpRect=0x19f388, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f388) returned 1 [0134.304] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0134.304] AdjustWindowRectEx (in: lpRect=0x19f388, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f388) returned 1 [0134.317] GetSystemDefaultLCID () returned 0x409 [0134.319] GetStockObject (i=17) returned 0x10a0047 [0134.327] GetObjectW (in: h=0x10a0047, c=92, pv=0x19f144 | out: pv=0x19f144) returned 92 [0134.331] GetDC (hWnd=0x0) returned 0xa0100d0 [0135.199] GdiplusStartup (in: token=0x695e98, input=0x19e708, output=0x19e758 | out: token=0x695e98, output=0x19e758) returned 0x0 [0135.218] CoTaskMemAlloc (cb=0x5c) returned 0x8aa9a8 [0135.221] GdipCreateFontFromLogfontW (hdc=0xa0100d0, logfont=0x8aa9a8, font=0x19f20c) returned 0x0 [0136.776] CoTaskMemFree (pv=0x8aa9a8) [0136.779] CoTaskMemAlloc (cb=0x5c) returned 0x8aa9a8 [0136.783] CoTaskMemFree (pv=0x8aa9a8) [0136.784] CoTaskMemAlloc (cb=0x5c) returned 0x8aa870 [0136.784] CoTaskMemFree (pv=0x8aa870) [0136.786] GdipGetFontUnit (font=0x47c1f08, unit=0x19f1d8) returned 0x0 [0136.787] GdipGetFontSize (font=0x47c1f08, size=0x19f1dc) returned 0x0 [0136.788] GdipGetFontStyle (font=0x47c1f08, style=0x19f1d4) returned 0x0 [0136.789] GdipGetFamily (font=0x47c1f08, family=0x19f1d0) returned 0x0 [0136.813] GdipGetFontSize (font=0x47c1f08, size=0x22caaa4) returned 0x0 [0136.814] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0136.814] GetDC (hWnd=0x0) returned 0xa0100d0 [0136.815] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19f1f8) returned 0x0 [0136.823] GdipGetDpiY (graphics=0x5b2f268, dpi=0x22cabac) returned 0x0 [0136.824] GdipGetFontHeight (font=0x47c1f08, graphics=0x5b2f268, height=0x19f1f0) returned 0x0 [0136.824] GdipGetEmHeight (family=0x5b24b40, style=0, EmHeight=0x19f1f8) returned 0x0 [0136.825] GdipGetLineSpacing (family=0x5b24b40, style=0, LineSpacing=0x19f1f8) returned 0x0 [0136.826] GdipDeleteGraphics (graphics=0x5b2f268) returned 0x0 [0136.828] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0136.829] GdipCreateFont (fontFamily=0x5b24b40, emSize=0x41040000, style=0, unit=0x3, font=0x22cab6c) returned 0x0 [0136.829] GdipGetFontSize (font=0x47cefc0, size=0x22cab70) returned 0x0 [0136.830] GdipDeleteFont (font=0x47c1f08) returned 0x0 [0136.830] GetDC (hWnd=0x0) returned 0xa0100d0 [0136.830] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19f25c) returned 0x0 [0136.831] GdipGetFontHeight (font=0x47cefc0, graphics=0x5b2f268, height=0x19f254) returned 0x0 [0136.831] GdipDeleteGraphics (graphics=0x5b2f268) returned 0x0 [0136.831] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0136.834] GetSystemMetrics (nIndex=5) returned 1 [0136.834] GetSystemMetrics (nIndex=6) returned 1 [0136.835] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0136.837] AdjustWindowRectEx (in: lpRect=0x19f384, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f384) returned 1 [0136.837] GetDC (hWnd=0x0) returned 0xa0100d0 [0136.837] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19f25c) returned 0x0 [0136.838] GdipGetFontHeight (font=0x47cefc0, graphics=0x5b2f268, height=0x19f254) returned 0x0 [0136.838] GdipDeleteGraphics (graphics=0x5b2f268) returned 0x0 [0136.838] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0136.839] GetSystemMetrics (nIndex=5) returned 1 [0136.839] GetSystemMetrics (nIndex=6) returned 1 [0136.839] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0136.839] AdjustWindowRectEx (in: lpRect=0x19f384, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f384) returned 1 [0136.839] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0136.840] AdjustWindowRectEx (in: lpRect=0x19f388, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f388) returned 1 [0136.843] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0136.843] AdjustWindowRectEx (in: lpRect=0x19f38c, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f38c) returned 1 [0136.843] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0136.844] AdjustWindowRectEx (in: lpRect=0x19f388, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f388) returned 1 [0136.853] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19f364) returned 0x0 [0136.853] GdipCreateFont (fontFamily=0x5b24b40, emSize=0x41de0000, style=1, unit=0x3, font=0x22cb404) returned 0x0 [0136.853] GdipGetFontSize (font=0x47c1f08, size=0x22cb408) returned 0x0 [0136.877] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0136.878] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f2e8) returned 1 [0136.935] GetProcessWindowStation () returned 0xf0 [0136.939] GetUserObjectInformationA (in: hObj=0xf0, nIndex=1, pvInfo=0x22cbba8, nLength=0xc, lpnLengthNeeded=0x19f1c4 | out: pvInfo=0x22cbba8, lpnLengthNeeded=0x19f1c4) returned 1 [0136.949] SetConsoleCtrlHandler (HandlerRoutine=0x48f0636, Add=1) returned 1 [0136.951] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0136.952] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0136.957] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x22cbc0c | out: lpWndClass=0x22cbc0c) returned 0 [0137.005] CoTaskMemAlloc (cb=0x58) returned 0x89e558 [0137.005] RegisterClassW (lpWndClass=0x19f114) returned 0xc1dd [0137.007] CoTaskMemFree (pv=0x89e558) [0137.010] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x402f6 [0137.012] NtdllDefWindowProc_W (hWnd=0x402f6, Msg=0x81, wParam=0x0, lParam=0x19ec50) returned 0x1 [0137.018] NtdllDefWindowProc_W (hWnd=0x402f6, Msg=0x83, wParam=0x0, lParam=0x19ec3c) returned 0x0 [0137.018] NtdllDefWindowProc_W (hWnd=0x402f6, Msg=0x1, wParam=0x0, lParam=0x19ec50) returned 0x0 [0137.019] NtdllDefWindowProc_W (hWnd=0x402f6, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0137.019] NtdllDefWindowProc_W (hWnd=0x402f6, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0137.034] GetSysColor (nIndex=10) returned 0xb4b4b4 [0137.034] GetSysColor (nIndex=2) returned 0xd1b499 [0137.034] GetSysColor (nIndex=9) returned 0x0 [0137.034] GetSysColor (nIndex=12) returned 0xababab [0137.035] GetSysColor (nIndex=15) returned 0xf0f0f0 [0137.035] GetSysColor (nIndex=20) returned 0xffffff [0137.035] GetSysColor (nIndex=16) returned 0xa0a0a0 [0137.035] GetSysColor (nIndex=15) returned 0xf0f0f0 [0137.035] GetSysColor (nIndex=16) returned 0xa0a0a0 [0137.035] GetSysColor (nIndex=21) returned 0x696969 [0137.036] GetSysColor (nIndex=22) returned 0xe3e3e3 [0137.036] GetSysColor (nIndex=20) returned 0xffffff [0137.036] GetSysColor (nIndex=18) returned 0x0 [0137.036] GetSysColor (nIndex=1) returned 0x0 [0137.036] GetSysColor (nIndex=27) returned 0xead1b9 [0137.037] GetSysColor (nIndex=28) returned 0xf2e4d7 [0137.037] GetSysColor (nIndex=17) returned 0x6d6d6d [0137.037] GetSysColor (nIndex=13) returned 0xff9933 [0137.037] GetSysColor (nIndex=14) returned 0xffffff [0137.037] GetSysColor (nIndex=26) returned 0xcc6600 [0137.038] GetSysColor (nIndex=11) returned 0xfcf7f4 [0137.038] GetSysColor (nIndex=3) returned 0xdbcdbf [0137.038] GetSysColor (nIndex=19) returned 0x0 [0137.038] GetSysColor (nIndex=24) returned 0xe1ffff [0137.038] GetSysColor (nIndex=23) returned 0x0 [0137.038] GetSysColor (nIndex=4) returned 0xf0f0f0 [0137.039] GetSysColor (nIndex=30) returned 0xf0f0f0 [0137.039] GetSysColor (nIndex=29) returned 0xff9933 [0137.039] GetSysColor (nIndex=7) returned 0x0 [0137.039] GetSysColor (nIndex=0) returned 0xc8c8c8 [0137.040] GetSysColor (nIndex=5) returned 0xffffff [0137.040] GetSysColor (nIndex=6) returned 0x646464 [0137.040] GetSysColor (nIndex=8) returned 0x0 [0137.041] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.041] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f2e8) returned 1 [0137.044] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19f364) returned 0x0 [0137.045] GdipCreateFont (fontFamily=0x5b24b40, emSize=0x41c00000, style=1, unit=0x3, font=0x22cc168) returned 0x0 [0137.045] GdipGetFontSize (font=0x5b2af30, size=0x22cc16c) returned 0x0 [0137.046] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.062] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f2e8) returned 1 [0137.062] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.063] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f2e8) returned 1 [0137.063] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19f364) returned 0x0 [0137.064] GdipCreateFont (fontFamily=0x5b24b40, emSize=0x41c00000, style=1, unit=0x3, font=0x22cc3ec) returned 0x0 [0137.064] GdipGetFontSize (font=0x5b2af58, size=0x22cc3f0) returned 0x0 [0137.065] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.065] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f2e8) returned 1 [0137.066] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.066] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f2e8) returned 1 [0137.067] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19f364) returned 0x0 [0137.068] GdipCreateFont (fontFamily=0x5b24b40, emSize=0x41c00000, style=0, unit=0x3, font=0x22cc6a4) returned 0x0 [0137.068] GdipGetFontSize (font=0x5b2af80, size=0x22cc6a8) returned 0x0 [0137.068] GetDC (hWnd=0x0) returned 0xa0100d0 [0137.068] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19f324) returned 0x0 [0137.069] GdipGetFontHeight (font=0x5b2af80, graphics=0x5b2f268, height=0x19f31c) returned 0x0 [0137.069] GdipDeleteGraphics (graphics=0x5b2f268) returned 0x0 [0137.069] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0137.071] GetDC (hWnd=0x0) returned 0xa0100d0 [0137.072] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19f2b4) returned 0x0 [0137.073] GdipGetFontHeight (font=0x5b2af80, graphics=0x5b2f268, height=0x19f2ac) returned 0x0 [0137.073] GdipDeleteGraphics (graphics=0x5b2f268) returned 0x0 [0137.073] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0137.073] GetSystemMetrics (nIndex=5) returned 1 [0137.074] GetSystemMetrics (nIndex=6) returned 1 [0137.074] GetSystemMetrics (nIndex=5) returned 1 [0137.074] GetSystemMetrics (nIndex=6) returned 1 [0137.075] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.075] AdjustWindowRectEx (in: lpRect=0x19f278, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f278) returned 1 [0137.075] GetSystemMetrics (nIndex=5) returned 1 [0137.075] GetSystemMetrics (nIndex=6) returned 1 [0137.076] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.076] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f2e8) returned 1 [0137.081] GetSystemMetrics (nIndex=5) returned 1 [0137.081] GetSystemMetrics (nIndex=6) returned 1 [0137.082] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.082] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x560108c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f2e8) returned 1 [0137.086] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19f364) returned 0x0 [0137.086] GdipCreateFont (fontFamily=0x5b24b40, emSize=0x41c00000, style=0, unit=0x3, font=0x22cc994) returned 0x0 [0137.086] GdipGetFontSize (font=0x5b2afa8, size=0x22cc998) returned 0x0 [0137.087] GetDC (hWnd=0x0) returned 0xa0100d0 [0137.088] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19f324) returned 0x0 [0137.088] GdipGetFontHeight (font=0x5b2afa8, graphics=0x5b2f268, height=0x19f31c) returned 0x0 [0137.089] GdipDeleteGraphics (graphics=0x5b2f268) returned 0x0 [0137.089] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0137.089] GetDC (hWnd=0x0) returned 0xa0100d0 [0137.089] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19f2b4) returned 0x0 [0137.090] GdipGetFontHeight (font=0x5b2afa8, graphics=0x5b2f268, height=0x19f2ac) returned 0x0 [0137.090] GdipDeleteGraphics (graphics=0x5b2f268) returned 0x0 [0137.090] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0137.090] GetSystemMetrics (nIndex=5) returned 1 [0137.091] GetSystemMetrics (nIndex=6) returned 1 [0137.091] GetSystemMetrics (nIndex=5) returned 1 [0137.091] GetSystemMetrics (nIndex=6) returned 1 [0137.091] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.091] AdjustWindowRectEx (in: lpRect=0x19f278, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f278) returned 1 [0137.092] GetSystemMetrics (nIndex=5) returned 1 [0137.092] GetSystemMetrics (nIndex=6) returned 1 [0137.092] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.092] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f2e8) returned 1 [0137.093] GetSystemMetrics (nIndex=5) returned 1 [0137.093] GetSystemMetrics (nIndex=6) returned 1 [0137.093] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.093] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x560108c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f2e8) returned 1 [0137.093] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19f364) returned 0x0 [0137.094] GdipCreateFont (fontFamily=0x5b24b40, emSize=0x41de0000, style=1, unit=0x3, font=0x22ccc44) returned 0x0 [0137.094] GdipGetFontSize (font=0x5b2afd0, size=0x22ccc48) returned 0x0 [0137.095] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.095] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f2e8) returned 1 [0137.095] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0137.095] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f2e8) returned 1 [0137.124] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe.config", nBufferLength=0x105, lpBuffer=0x19ec54, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe.config", lpFilePart=0x0) returned 0x39 [0137.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0e8) returned 1 [0137.128] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\windowsformsapp1.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19f164 | out: lpFileInformation=0x19f164*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0137.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0141.668] GdipLoadImageFromStream (stream=0x48e0030, image=0x19ede0) returned 0x0 [0142.176] GdipImageForceValidation (image=0x5b2f268) returned 0x0 [0142.312] GdipGetImageType (image=0x5b2f268, type=0x19eddc) returned 0x0 [0142.313] GdipGetImageRawFormat (image=0x5b2f268, format=0x19ed5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0142.353] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.354] AdjustWindowRectEx (in: lpRect=0x19f314, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f314) returned 1 [0142.354] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.355] AdjustWindowRectEx (in: lpRect=0x19f314, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f314) returned 1 [0142.358] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19f364) returned 0x0 [0142.359] GdipCreateFont (fontFamily=0x5b24b40, emSize=0x41c00000, style=1, unit=0x3, font=0x22e1eb0) returned 0x0 [0142.359] GdipGetFontSize (font=0x5b2b030, size=0x22e1eb4) returned 0x0 [0142.417] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.418] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f2e8) returned 1 [0142.418] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.418] AdjustWindowRectEx (in: lpRect=0x19f2e8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f2e8) returned 1 [0142.426] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.426] AdjustWindowRectEx (in: lpRect=0x19f348, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19f348) returned 1 [0142.426] GetSystemMetrics (nIndex=59) returned 1456 [0142.426] GetSystemMetrics (nIndex=60) returned 916 [0142.426] GetSystemMetrics (nIndex=34) returned 136 [0142.426] GetSystemMetrics (nIndex=35) returned 39 [0142.427] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.429] AdjustWindowRectEx (in: lpRect=0x19f248, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19f248) returned 1 [0142.429] GetCurrentThreadId () returned 0x6cc [0142.429] GetCurrentThreadId () returned 0x6cc [0142.431] GetCurrentThreadId () returned 0x6cc [0142.431] GetCurrentThreadId () returned 0x6cc [0142.431] GetCurrentThreadId () returned 0x6cc [0142.431] GetCurrentThreadId () returned 0x6cc [0142.432] GetCurrentThreadId () returned 0x6cc [0142.432] GetCurrentThreadId () returned 0x6cc [0142.432] GetCurrentThreadId () returned 0x6cc [0142.433] GetCurrentThreadId () returned 0x6cc [0142.433] GetCurrentThreadId () returned 0x6cc [0142.433] GetCurrentThreadId () returned 0x6cc [0142.433] GetCurrentThreadId () returned 0x6cc [0142.433] GetCurrentThreadId () returned 0x6cc [0142.433] GetCurrentThreadId () returned 0x6cc [0142.433] GetCurrentThreadId () returned 0x6cc [0142.435] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.435] AdjustWindowRectEx (in: lpRect=0x19f260, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x19f260) returned 1 [0142.437] AdjustWindowRectEx (in: lpRect=0x19f328, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x19f328) returned 1 [0142.442] CreateCompatibleDC (hdc=0x0) returned 0x210109bf [0142.445] GetDC (hWnd=0x0) returned 0xa0100d0 [0142.445] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19f184) returned 0x0 [0142.448] CoTaskMemAlloc (cb=0x5c) returned 0x8aa870 [0142.450] GdipGetLogFontW (font=0x47cefc0, graphics=0x5b2ff10, logfontW=0x8aa870) returned 0x0 [0142.455] CoTaskMemFree (pv=0x8aa870) [0142.455] CoTaskMemAlloc (cb=0x5c) returned 0x8aa668 [0142.456] CoTaskMemFree (pv=0x8aa668) [0142.457] CoTaskMemAlloc (cb=0x5c) returned 0x8aa870 [0142.458] CoTaskMemFree (pv=0x8aa870) [0142.458] GdipDeleteGraphics (graphics=0x5b2ff10) returned 0x0 [0142.458] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0142.462] CoTaskMemAlloc (cb=0x5c) returned 0x8aa870 [0142.462] CreateFontIndirectW (lplf=0x8aa870) returned 0xb0a093c [0142.463] CoTaskMemFree (pv=0x8aa870) [0142.463] SelectObject (hdc=0x210109bf, h=0xb0a093c) returned 0x18a0048 [0142.463] GetTextMetricsW (in: hdc=0x210109bf, lptm=0x19f290 | out: lptm=0x19f290) returned 1 [0142.466] GetTextExtentPoint32W (in: hdc=0x210109bf, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x22e29c8 | out: psizl=0x22e29c8) returned 1 [0142.467] SelectObject (hdc=0x210109bf, h=0x18a0048) returned 0xb0a093c [0142.469] DeleteDC (hdc=0x210109bf) returned 1 [0142.476] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.476] AdjustWindowRectEx (in: lpRect=0x19effc, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x19effc) returned 1 [0142.476] AdjustWindowRectEx (in: lpRect=0x19f21c, dwStyle=0x22cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x19f21c) returned 1 [0142.479] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.479] AdjustWindowRectEx (in: lpRect=0x19ef74, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x19ef74) returned 1 [0142.479] AdjustWindowRectEx (in: lpRect=0x19f054, dwStyle=0x22cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x19f054) returned 1 [0142.480] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.480] AdjustWindowRectEx (in: lpRect=0x19ef04, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x19ef04) returned 1 [0142.480] AdjustWindowRectEx (in: lpRect=0x19efc8, dwStyle=0x22cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x19efc8) returned 1 [0142.481] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.481] AdjustWindowRectEx (in: lpRect=0x19f214, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f214) returned 1 [0142.482] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.482] AdjustWindowRectEx (in: lpRect=0x19f078, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f078) returned 1 [0142.483] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.483] AdjustWindowRectEx (in: lpRect=0x19f214, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f214) returned 1 [0142.484] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.484] AdjustWindowRectEx (in: lpRect=0x19f078, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f078) returned 1 [0142.484] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.485] AdjustWindowRectEx (in: lpRect=0x19f214, dwStyle=0x560108c1, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f214) returned 1 [0142.485] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.485] AdjustWindowRectEx (in: lpRect=0x19f078, dwStyle=0x560108c1, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f078) returned 1 [0142.485] GetSystemMetrics (nIndex=5) returned 1 [0142.485] GetSystemMetrics (nIndex=6) returned 1 [0142.486] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.486] AdjustWindowRectEx (in: lpRect=0x19f214, dwStyle=0x560108c1, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f214) returned 1 [0142.486] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.486] AdjustWindowRectEx (in: lpRect=0x19f078, dwStyle=0x560108c1, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f078) returned 1 [0142.486] GetSystemMetrics (nIndex=5) returned 1 [0142.487] GetSystemMetrics (nIndex=6) returned 1 [0142.487] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.488] AdjustWindowRectEx (in: lpRect=0x19f214, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f214) returned 1 [0142.488] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.489] AdjustWindowRectEx (in: lpRect=0x19f078, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f078) returned 1 [0142.489] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.490] AdjustWindowRectEx (in: lpRect=0x19f214, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f214) returned 1 [0142.491] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.491] AdjustWindowRectEx (in: lpRect=0x19f078, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f078) returned 1 [0142.492] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.492] AdjustWindowRectEx (in: lpRect=0x19f214, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f214) returned 1 [0142.492] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.493] AdjustWindowRectEx (in: lpRect=0x19f078, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f078) returned 1 [0142.493] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.493] AdjustWindowRectEx (in: lpRect=0x19f214, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f214) returned 1 [0142.494] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6aee0000 [0142.494] AdjustWindowRectEx (in: lpRect=0x19f078, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f078) returned 1 [0142.498] GetCurrentActCtx (in: lphActCtx=0x19f48c | out: lphActCtx=0x19f48c*=0x0) returned 1 [0142.498] ActivateActCtx (in: hActCtx=0x8a376c, lpCookie=0x19f49c | out: hActCtx=0x8a376c, lpCookie=0x19f49c) returned 1 [0142.501] GetCurrentActCtx (in: lphActCtx=0x19f2ac | out: lphActCtx=0x19f2ac*=0x8a376c) returned 1 [0142.501] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.502] AdjustWindowRectEx (in: lpRect=0x19f210, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x19f210) returned 1 [0142.502] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0142.502] CreateWindowExW (dwExStyle=0x50080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName="Lol", dwStyle=0x22cf0000, X=-2147483648, Y=-2147483648, nWidth=954, nHeight=896, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x140390 [0142.504] SetWindowLongW (hWnd=0x140390, nIndex=-4, dwNewLong=1949894624) returned 76481982 [0142.505] GetWindowLongW (hWnd=0x140390, nIndex=-4) returned 1949894624 [0142.505] SetWindowLongW (hWnd=0x140390, nIndex=-4, dwNewLong=76482870) returned 1949894624 [0142.506] GetWindowLongW (hWnd=0x140390, nIndex=-4) returned 76482870 [0142.506] GetWindowLongW (hWnd=0x140390, nIndex=-16) returned 651100160 [0142.506] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x81, wParam=0x0, lParam=0x19ecd0) returned 0x1 [0142.508] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x83, wParam=0x0, lParam=0x19ecbc) returned 0x0 [0142.510] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x1, wParam=0x0, lParam=0x19ecd0) returned 0x0 [0142.510] GetClientRect (in: hWnd=0x140390, lpRect=0x19e9cc | out: lpRect=0x19e9cc) returned 1 [0142.510] GetWindowRect (in: hWnd=0x140390, lpRect=0x19e9cc | out: lpRect=0x19e9cc) returned 1 [0142.520] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.520] AdjustWindowRectEx (in: lpRect=0x19e728, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e728) returned 1 [0142.522] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.522] AdjustWindowRectEx (in: lpRect=0x19e6fc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e6fc) returned 1 [0142.523] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.523] AdjustWindowRectEx (in: lpRect=0x19e6fc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e6fc) returned 1 [0142.524] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.524] AdjustWindowRectEx (in: lpRect=0x19e6fc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e6fc) returned 1 [0142.524] GetSystemMetrics (nIndex=5) returned 1 [0142.524] GetSystemMetrics (nIndex=6) returned 1 [0142.525] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.525] AdjustWindowRectEx (in: lpRect=0x19e6fc, dwStyle=0x560108c1, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19e6fc) returned 1 [0142.525] GetSystemMetrics (nIndex=5) returned 1 [0142.525] GetSystemMetrics (nIndex=6) returned 1 [0142.525] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.526] AdjustWindowRectEx (in: lpRect=0x19e6fc, dwStyle=0x560108c1, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19e6fc) returned 1 [0142.526] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.526] AdjustWindowRectEx (in: lpRect=0x19e6fc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e6fc) returned 1 [0142.529] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.529] AdjustWindowRectEx (in: lpRect=0x19e6fc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e6fc) returned 1 [0142.532] SetWindowTextW (hWnd=0x140390, lpString="Lol") returned 1 [0142.533] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xc, wParam=0x0, lParam=0x22c9954) returned 0x1 [0142.536] GetStartupInfoW (in: lpStartupInfo=0x22e35cc | out: lpStartupInfo=0x22e35cc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0142.538] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x46, wParam=0x0, lParam=0x19ece4) returned 0x0 [0142.538] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x83, wParam=0x1, lParam=0x19ecbc) returned 0x0 [0142.542] GetWindowPlacement (in: hWnd=0x140390, lpwndpl=0x19ea54 | out: lpwndpl=0x19ea54) returned 1 [0142.542] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x47, wParam=0x0, lParam=0x19ece4) returned 0x0 [0142.542] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x3, wParam=0x0, lParam=0x83008300) returned 0x0 [0142.542] GetClientRect (in: hWnd=0x140390, lpRect=0x19e4a0 | out: lpRect=0x19e4a0) returned 1 [0142.542] GetWindowRect (in: hWnd=0x140390, lpRect=0x19e4a0 | out: lpRect=0x19e4a0) returned 1 [0142.543] GetWindowTextLengthW (hWnd=0x140390) returned 3 [0142.543] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0142.544] GetSystemMetrics (nIndex=42) returned 0 [0142.545] GetWindowTextW (in: hWnd=0x140390, lpString=0x19e314, nMaxCount=4 | out: lpString="Lol") returned 3 [0142.545] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xd, wParam=0x4, lParam=0x19e314) returned 0x3 [0142.547] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x5, wParam=0x1, lParam=0x0) returned 0x0 [0142.547] GetClientRect (in: hWnd=0x140390, lpRect=0x19ea04 | out: lpRect=0x19ea04) returned 1 [0142.547] GetWindowRect (in: hWnd=0x140390, lpRect=0x19ea04 | out: lpRect=0x19ea04) returned 1 [0142.555] GetParent (hWnd=0x140390) returned 0x0 [0142.555] SetWindowLongW (hWnd=0x140390, nIndex=-8, dwNewLong=0) returned 0 [0142.563] GetSystemMetrics (nIndex=11) returned 32 [0142.563] GetSystemMetrics (nIndex=12) returned 32 [0142.563] GetDC (hWnd=0x0) returned 0x4010184 [0142.564] GetDeviceCaps (hdc=0x4010184, index=12) returned 32 [0142.564] GetDeviceCaps (hdc=0x4010184, index=14) returned 1 [0142.564] ReleaseDC (hWnd=0x0, hDC=0x4010184) returned 1 [0142.566] CreateIconFromResourceEx (presbits=0x22e60bc, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x50103 [0142.568] GetSystemMetrics (nIndex=49) returned 16 [0142.568] GetSystemMetrics (nIndex=50) returned 16 [0142.569] CreateIconFromResourceEx (presbits=0x22e71a0, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x800fd [0142.572] SendMessageW (hWnd=0x140390, Msg=0x80, wParam=0x0, lParam=0x800fd) returned 0x0 [0142.572] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x80, wParam=0x0, lParam=0x800fd) returned 0x0 [0142.572] SendMessageW (hWnd=0x140390, Msg=0x80, wParam=0x1, lParam=0x50103) returned 0x0 [0142.572] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x80, wParam=0x1, lParam=0x50103) returned 0x0 [0142.573] GetSystemMenu (hWnd=0x140390, bRevert=0) returned 0x601a9 [0142.639] GetWindowPlacement (in: hWnd=0x140390, lpwndpl=0x19f2bc | out: lpwndpl=0x19f2bc) returned 1 [0142.640] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf020, uEnable=0x1) returned 0 [0142.640] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0142.640] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0142.641] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf120, uEnable=0x0) returned 0 [0142.641] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf000, uEnable=0x1) returned 0 [0142.641] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.642] GetWindowLongW (hWnd=0x140390, nIndex=-16) returned 651100160 [0142.642] GetWindowTextLengthW (hWnd=0x140390) returned 3 [0142.642] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0142.642] GetSystemMetrics (nIndex=42) returned 0 [0142.642] GetWindowTextW (in: hWnd=0x140390, lpString=0x19f208, nMaxCount=4 | out: lpString="Lol") returned 3 [0142.643] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xd, wParam=0x4, lParam=0x19f208) returned 0x3 [0142.643] GetWindowTextLengthW (hWnd=0x140390) returned 3 [0142.643] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0142.643] GetSystemMetrics (nIndex=42) returned 0 [0142.643] GetWindowTextW (in: hWnd=0x140390, lpString=0x19f208, nMaxCount=4 | out: lpString="Lol") returned 3 [0142.643] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xd, wParam=0x4, lParam=0x19f208) returned 0x3 [0142.643] AdjustWindowRectEx (in: lpRect=0x19f250, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x19f250) returned 1 [0142.644] GetWindowLongW (hWnd=0x140390, nIndex=-16) returned 651100160 [0142.644] GetWindowLongW (hWnd=0x140390, nIndex=-20) returned 328064 [0142.645] SetWindowLongW (hWnd=0x140390, nIndex=-16, dwNewLong=583991296) returned 651100160 [0142.645] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x7c, wParam=0xfffffff0, lParam=0x19f254) returned 0x0 [0142.646] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x7d, wParam=0xfffffff0, lParam=0x19f254) returned 0x0 [0142.658] SetWindowLongW (hWnd=0x140390, nIndex=-20, dwNewLong=327808) returned 328064 [0142.659] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x7c, wParam=0xffffffec, lParam=0x19f254) returned 0x0 [0142.660] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x7d, wParam=0xffffffec, lParam=0x19f254) returned 0x0 [0142.667] SetWindowPos (hWnd=0x140390, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0142.667] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x46, wParam=0x0, lParam=0x19f274) returned 0x0 [0142.668] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x83, wParam=0x1, lParam=0x19f24c) returned 0x0 [0142.674] GetWindowPlacement (in: hWnd=0x140390, lpwndpl=0x19efe4 | out: lpwndpl=0x19efe4) returned 1 [0142.675] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x47, wParam=0x0, lParam=0x19f274) returned 0x0 [0142.675] GetClientRect (in: hWnd=0x140390, lpRect=0x19ef94 | out: lpRect=0x19ef94) returned 1 [0142.676] GetWindowRect (in: hWnd=0x140390, lpRect=0x19ef94 | out: lpRect=0x19ef94) returned 1 [0142.681] RedrawWindow (hWnd=0x140390, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0142.681] GetSystemMenu (hWnd=0x140390, bRevert=0) returned 0x601a9 [0142.682] GetWindowPlacement (in: hWnd=0x140390, lpwndpl=0x19f2ac | out: lpwndpl=0x19f2ac) returned 1 [0142.683] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf020, uEnable=0x1) returned 1 [0142.683] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0142.683] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0142.683] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf120, uEnable=0x0) returned 0 [0142.684] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf000, uEnable=0x1) returned 1 [0142.684] ShowWindow (hWnd=0x140390, nCmdShow=2) returned 0 [0142.685] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x46, wParam=0x0, lParam=0x19f324) returned 0x0 [0142.726] GetWindowPlacement (in: hWnd=0x140390, lpwndpl=0x19f094 | out: lpwndpl=0x19f094) returned 1 [0142.726] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x47, wParam=0x0, lParam=0x19f324) returned 0x0 [0142.727] GetClientRect (in: hWnd=0x140390, lpRect=0x19f044 | out: lpRect=0x19f044) returned 1 [0142.727] GetWindowRect (in: hWnd=0x140390, lpRect=0x19f044 | out: lpRect=0x19f044) returned 1 [0142.727] GetWindowTextLengthW (hWnd=0x140390) returned 3 [0142.728] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0142.728] GetSystemMetrics (nIndex=42) returned 0 [0142.728] GetWindowTextW (in: hWnd=0x140390, lpString=0x19f218, nMaxCount=4 | out: lpString="Lol") returned 3 [0142.728] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xd, wParam=0x4, lParam=0x19f218) returned 0x3 [0142.728] GetCurrentActCtx (in: lphActCtx=0x19f20c | out: lphActCtx=0x19f20c*=0x8a376c) returned 1 [0142.728] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.729] GetClassInfoW (in: hInstance=0x0, lpClassName="STATIC", lpWndClass=0x22e7800 | out: lpWndClass=0x22e7800) returned 1 [0142.731] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0142.731] CoTaskMemAlloc (cb=0x58) returned 0x89e438 [0142.731] RegisterClassW (lpWndClass=0x19f0c4) returned 0xc1e7 [0142.731] CoTaskMemFree (pv=0x89e438) [0142.732] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0142.732] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r10_ad1", lpWindowName=".", dwStyle=0x5600000d, X=12, Y=-80, nWidth=0, nHeight=71, hWndParent=0x140390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x602a8 [0142.732] SetWindowLongW (hWnd=0x602a8, nIndex=-4, dwNewLong=1861937536) returned 76482910 [0142.732] GetWindowLongW (hWnd=0x602a8, nIndex=-4) returned 1861937536 [0142.733] SetWindowLongW (hWnd=0x602a8, nIndex=-4, dwNewLong=76482950) returned 1861937536 [0142.734] GetWindowLongW (hWnd=0x602a8, nIndex=-4) returned 76482950 [0142.734] GetWindowLongW (hWnd=0x602a8, nIndex=-16) returned 1174405133 [0142.734] GetWindowLongW (hWnd=0x602a8, nIndex=-12) returned 0 [0142.758] SetWindowLongW (hWnd=0x602a8, nIndex=-12, dwNewLong=393896) returned 0 [0142.758] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x81, wParam=0x0, lParam=0x19ec30) returned 0x1 [0142.762] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x83, wParam=0x0, lParam=0x19ec1c) returned 0x0 [0142.762] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x1, wParam=0x0, lParam=0x19ec30) returned 0x0 [0142.765] GetWindow (hWnd=0x602a8, uCmd=0x3) returned 0x0 [0142.766] GetClientRect (in: hWnd=0x602a8, lpRect=0x19e920 | out: lpRect=0x19e920) returned 1 [0142.766] GetWindowRect (in: hWnd=0x602a8, lpRect=0x19e920 | out: lpRect=0x19e920) returned 1 [0142.766] GetParent (hWnd=0x602a8) returned 0x140390 [0142.766] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e920, cPoints=0x2 | out: lpPoints=0x19e920) returned 2097184000 [0142.768] SetWindowTextW (hWnd=0x602a8, lpString=".") returned 1 [0142.768] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0xc, wParam=0x0, lParam=0x22c992c) returned 0x1 [0142.769] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x5, wParam=0x0, lParam=0x470000) returned 0x0 [0142.769] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x3, wParam=0x0, lParam=0xffb0000c) returned 0x0 [0142.769] GetClientRect (in: hWnd=0x602a8, lpRect=0x19e978 | out: lpRect=0x19e978) returned 1 [0142.769] GetWindowRect (in: hWnd=0x602a8, lpRect=0x19e978 | out: lpRect=0x19e978) returned 1 [0142.769] GetParent (hWnd=0x602a8) returned 0x140390 [0142.770] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e978, cPoints=0x2 | out: lpPoints=0x19e978) returned 2097184000 [0142.770] SendMessageW (hWnd=0x602a8, Msg=0x2210, wParam=0x2a80001, lParam=0x602a8) returned 0x0 [0142.770] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x2210, wParam=0x2a80001, lParam=0x602a8) returned 0x0 [0142.771] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0142.771] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x46, wParam=0x0, lParam=0x19ec44) returned 0x0 [0142.773] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x47, wParam=0x0, lParam=0x19ec44) returned 0x0 [0142.773] GetClientRect (in: hWnd=0x602a8, lpRect=0x19e948 | out: lpRect=0x19e948) returned 1 [0142.774] GetWindowRect (in: hWnd=0x602a8, lpRect=0x19e948 | out: lpRect=0x19e948) returned 1 [0142.774] GetParent (hWnd=0x602a8) returned 0x140390 [0142.774] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e948, cPoints=0x2 | out: lpPoints=0x19e948) returned 2097184000 [0142.774] GetParent (hWnd=0x602a8) returned 0x140390 [0142.774] GetParent (hWnd=0x602a8) returned 0x140390 [0142.774] GetCurrentActCtx (in: lphActCtx=0x19f20c | out: lphActCtx=0x19f20c*=0x8a376c) returned 1 [0142.774] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.775] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0142.775] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r10_ad1", lpWindowName="In order to recover your data...", dwStyle=0x5600000d, X=12, Y=-377, nWidth=0, nHeight=87, hWndParent=0x140390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x402ea [0142.776] SetWindowLongW (hWnd=0x402ea, nIndex=-4, dwNewLong=1861937536) returned 76482910 [0142.776] GetWindowLongW (hWnd=0x402ea, nIndex=-4) returned 1861937536 [0142.777] SetWindowLongW (hWnd=0x402ea, nIndex=-4, dwNewLong=76482990) returned 1861937536 [0142.777] GetWindowLongW (hWnd=0x402ea, nIndex=-4) returned 76482990 [0142.777] GetWindowLongW (hWnd=0x402ea, nIndex=-16) returned 1174405133 [0142.778] GetWindowLongW (hWnd=0x402ea, nIndex=-12) returned 0 [0142.778] SetWindowLongW (hWnd=0x402ea, nIndex=-12, dwNewLong=262890) returned 0 [0142.778] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x81, wParam=0x0, lParam=0x19ec30) returned 0x1 [0142.779] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x83, wParam=0x0, lParam=0x19ec1c) returned 0x0 [0142.780] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x1, wParam=0x0, lParam=0x19ec30) returned 0x0 [0142.780] GetWindow (hWnd=0x402ea, uCmd=0x3) returned 0x602a8 [0142.781] GetClientRect (in: hWnd=0x402ea, lpRect=0x19e920 | out: lpRect=0x19e920) returned 1 [0142.781] GetWindowRect (in: hWnd=0x402ea, lpRect=0x19e920 | out: lpRect=0x19e920) returned 1 [0142.781] GetParent (hWnd=0x402ea) returned 0x140390 [0142.781] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e920, cPoints=0x2 | out: lpPoints=0x19e920) returned 2097184000 [0142.782] SetWindowTextW (hWnd=0x402ea, lpString="In order to recover your data...") returned 1 [0142.782] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0xc, wParam=0x0, lParam=0x22c986c) returned 0x1 [0142.784] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x5, wParam=0x0, lParam=0x570000) returned 0x0 [0142.784] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x3, wParam=0x0, lParam=0xfe87000c) returned 0x0 [0142.784] GetClientRect (in: hWnd=0x402ea, lpRect=0x19e978 | out: lpRect=0x19e978) returned 1 [0142.785] GetWindowRect (in: hWnd=0x402ea, lpRect=0x19e978 | out: lpRect=0x19e978) returned 1 [0142.785] GetParent (hWnd=0x402ea) returned 0x140390 [0142.785] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e978, cPoints=0x2 | out: lpPoints=0x19e978) returned 2097184000 [0142.785] SendMessageW (hWnd=0x402ea, Msg=0x2210, wParam=0x2ea0001, lParam=0x402ea) returned 0x0 [0142.785] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x2210, wParam=0x2ea0001, lParam=0x402ea) returned 0x0 [0142.785] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0142.785] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x46, wParam=0x0, lParam=0x19ec44) returned 0x0 [0142.787] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x47, wParam=0x0, lParam=0x19ec44) returned 0x0 [0142.787] GetClientRect (in: hWnd=0x402ea, lpRect=0x19e948 | out: lpRect=0x19e948) returned 1 [0142.787] GetWindowRect (in: hWnd=0x402ea, lpRect=0x19e948 | out: lpRect=0x19e948) returned 1 [0142.787] GetParent (hWnd=0x402ea) returned 0x140390 [0142.788] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e948, cPoints=0x2 | out: lpPoints=0x19e948) returned 2097184000 [0142.788] GetParent (hWnd=0x402ea) returned 0x140390 [0142.788] GetParent (hWnd=0x402ea) returned 0x140390 [0142.788] GetCurrentActCtx (in: lphActCtx=0x19f1f4 | out: lphActCtx=0x19f1f4*=0x8a376c) returned 1 [0142.789] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.790] GetClassInfoW (in: hInstance=0x0, lpClassName="EDIT", lpWndClass=0x22e7c18 | out: lpWndClass=0x22e7c18) returned 1 [0142.791] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0142.791] CoTaskMemAlloc (cb=0x54) returned 0x89e318 [0142.791] RegisterClassW (lpWndClass=0x19f0ac) returned 0xc1e8 [0142.792] CoTaskMemFree (pv=0x89e318) [0142.792] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0142.792] CreateWindowExW (dwExStyle=0x200, lpClassName="WindowsForms10.EDIT.app.0.141b42a_r10_ad1", lpWindowName="friendly.cyber.criminal@gmail.com", dwStyle=0x560108c1, X=-333, Y=-127, nWidth=677, nHeight=44, hWndParent=0x140390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x502ce [0142.793] SetWindowLongW (hWnd=0x502ce, nIndex=-4, dwNewLong=1862320944) returned 76483030 [0142.793] GetWindowLongW (hWnd=0x502ce, nIndex=-4) returned 1862320944 [0142.794] SetWindowLongW (hWnd=0x502ce, nIndex=-4, dwNewLong=76483070) returned 1862320944 [0142.794] GetWindowLongW (hWnd=0x502ce, nIndex=-4) returned 76483070 [0142.794] GetWindowLongW (hWnd=0x502ce, nIndex=-16) returned 1174472897 [0142.794] GetWindowLongW (hWnd=0x502ce, nIndex=-12) returned 0 [0142.794] SetWindowLongW (hWnd=0x502ce, nIndex=-12, dwNewLong=328398) returned 0 [0142.795] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x81, wParam=0x0, lParam=0x19ec18) returned 0x1 [0142.797] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x83, wParam=0x0, lParam=0x19ec04) returned 0x0 [0142.798] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x1, wParam=0x0, lParam=0x19ec18) returned 0x1 [0142.803] SendMessageW (hWnd=0x502ce, Msg=0x2111, wParam=0x40002ce, lParam=0x502ce) returned 0x0 [0142.804] SendMessageW (hWnd=0x502ce, Msg=0x2111, wParam=0x30002ce, lParam=0x502ce) returned 0x0 [0142.804] SendMessageW (hWnd=0x502ce, Msg=0x2055, wParam=0x502ce, lParam=0x3) returned 0x2 [0142.804] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x0 [0142.805] GetWindow (hWnd=0x502ce, uCmd=0x3) returned 0x402ea [0142.805] GetClientRect (in: hWnd=0x502ce, lpRect=0x19e91c | out: lpRect=0x19e91c) returned 1 [0142.805] GetWindowRect (in: hWnd=0x502ce, lpRect=0x19e91c | out: lpRect=0x19e91c) returned 1 [0142.805] GetParent (hWnd=0x502ce) returned 0x140390 [0142.805] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e91c, cPoints=0x2 | out: lpPoints=0x19e91c) returned 2097184000 [0142.805] GetDC (hWnd=0x0) returned 0x4010184 [0142.805] GdipCreateFromHDC (hdc=0x4010184, graphics=0x19e7c0) returned 0x0 [0142.806] CoTaskMemAlloc (cb=0x5c) returned 0x8aa390 [0142.806] GdipGetLogFontW (font=0x5b2afa8, graphics=0x5b2ff10, logfontW=0x8aa390) returned 0x0 [0142.806] CoTaskMemFree (pv=0x8aa390) [0142.806] CoTaskMemAlloc (cb=0x5c) returned 0x8aa600 [0142.806] CoTaskMemFree (pv=0x8aa600) [0142.806] CoTaskMemAlloc (cb=0x5c) returned 0x8aaa10 [0142.806] CoTaskMemFree (pv=0x8aaa10) [0142.806] GdipDeleteGraphics (graphics=0x5b2ff10) returned 0x0 [0142.806] ReleaseDC (hWnd=0x0, hDC=0x4010184) returned 1 [0142.807] CoTaskMemAlloc (cb=0x5c) returned 0x8aaa10 [0142.807] CreateFontIndirectW (lplf=0x8aaa10) returned 0x6b0a0564 [0142.807] CoTaskMemFree (pv=0x8aaa10) [0142.807] SendMessageW (hWnd=0x502ce, Msg=0x30, wParam=0x6b0a0564, lParam=0x0) returned 0x1 [0142.807] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x30, wParam=0x6b0a0564, lParam=0x0) returned 0x1 [0142.810] SendMessageW (hWnd=0x502ce, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0142.810] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0142.810] SetWindowTextW (hWnd=0x502ce, lpString="friendly.cyber.criminal@gmail.com") returned 1 [0142.810] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0xc, wParam=0x0, lParam=0x22c9800) returned 0x1 [0142.811] SendMessageW (hWnd=0x502ce, Msg=0x2111, wParam=0x40002ce, lParam=0x502ce) returned 0x0 [0142.811] SendMessageW (hWnd=0x502ce, Msg=0x2111, wParam=0x30002ce, lParam=0x502ce) returned 0x0 [0142.812] GetSystemMetrics (nIndex=5) returned 1 [0142.812] GetSystemMetrics (nIndex=6) returned 1 [0142.812] SendMessageW (hWnd=0x502ce, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0142.812] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0142.813] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x5, wParam=0x0, lParam=0x2802a1) returned 0x0 [0142.813] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x3, wParam=0x0, lParam=0xff83feb5) returned 0x0 [0142.813] GetClientRect (in: hWnd=0x502ce, lpRect=0x19e974 | out: lpRect=0x19e974) returned 1 [0142.814] GetWindowRect (in: hWnd=0x502ce, lpRect=0x19e974 | out: lpRect=0x19e974) returned 1 [0142.814] GetParent (hWnd=0x502ce) returned 0x140390 [0142.814] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e974, cPoints=0x2 | out: lpPoints=0x19e974) returned 2097184000 [0142.814] SendMessageW (hWnd=0x502ce, Msg=0x2210, wParam=0x2ce0001, lParam=0x502ce) returned 0x0 [0142.814] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x2210, wParam=0x2ce0001, lParam=0x502ce) returned 0x0 [0142.814] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0142.815] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x46, wParam=0x0, lParam=0x19ec2c) returned 0x0 [0142.817] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x47, wParam=0x0, lParam=0x19ec2c) returned 0x0 [0142.817] GetClientRect (in: hWnd=0x502ce, lpRect=0x19e944 | out: lpRect=0x19e944) returned 1 [0142.817] GetWindowRect (in: hWnd=0x502ce, lpRect=0x19e944 | out: lpRect=0x19e944) returned 1 [0142.817] GetParent (hWnd=0x502ce) returned 0x140390 [0142.817] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e944, cPoints=0x2 | out: lpPoints=0x19e944) returned 2097184000 [0142.817] GetParent (hWnd=0x502ce) returned 0x140390 [0142.818] GetParent (hWnd=0x502ce) returned 0x140390 [0142.818] GetCurrentActCtx (in: lphActCtx=0x19f1f4 | out: lphActCtx=0x19f1f4*=0x8a376c) returned 1 [0142.818] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.819] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0142.819] CreateWindowExW (dwExStyle=0x200, lpClassName="WindowsForms10.EDIT.app.0.141b42a_r10_ad1", lpWindowName="1BtUL5dhVXHwKLqSdhjyjK9Pe64Vc6CEH1", dwStyle=0x560108c1, X=-333, Y=-232, nWidth=677, nHeight=44, hWndParent=0x140390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xa0148 [0142.820] SetWindowLongW (hWnd=0xa0148, nIndex=-4, dwNewLong=1862320944) returned 76483030 [0142.820] GetWindowLongW (hWnd=0xa0148, nIndex=-4) returned 1862320944 [0142.821] SetWindowLongW (hWnd=0xa0148, nIndex=-4, dwNewLong=76483110) returned 1862320944 [0142.822] GetWindowLongW (hWnd=0xa0148, nIndex=-4) returned 76483110 [0142.822] GetWindowLongW (hWnd=0xa0148, nIndex=-16) returned 1174472897 [0142.822] GetWindowLongW (hWnd=0xa0148, nIndex=-12) returned 0 [0142.822] SetWindowLongW (hWnd=0xa0148, nIndex=-12, dwNewLong=655688) returned 0 [0142.822] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x81, wParam=0x0, lParam=0x19ec18) returned 0x1 [0142.823] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x83, wParam=0x0, lParam=0x19ec04) returned 0x0 [0142.824] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x1, wParam=0x0, lParam=0x19ec18) returned 0x0 [0142.825] SendMessageW (hWnd=0xa0148, Msg=0x2111, wParam=0x4000148, lParam=0xa0148) returned 0x0 [0142.825] SendMessageW (hWnd=0xa0148, Msg=0x2111, wParam=0x3000148, lParam=0xa0148) returned 0x0 [0142.826] SendMessageW (hWnd=0xa0148, Msg=0x2055, wParam=0xa0148, lParam=0x3) returned 0x2 [0142.826] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x0 [0142.827] GetWindow (hWnd=0xa0148, uCmd=0x3) returned 0x502ce [0142.827] GetClientRect (in: hWnd=0xa0148, lpRect=0x19e91c | out: lpRect=0x19e91c) returned 1 [0142.827] GetWindowRect (in: hWnd=0xa0148, lpRect=0x19e91c | out: lpRect=0x19e91c) returned 1 [0142.827] GetParent (hWnd=0xa0148) returned 0x140390 [0142.827] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e91c, cPoints=0x2 | out: lpPoints=0x19e91c) returned 2097184000 [0142.828] GetDC (hWnd=0x0) returned 0x4010184 [0142.828] GdipCreateFromHDC (hdc=0x4010184, graphics=0x19e7c0) returned 0x0 [0142.829] CoTaskMemAlloc (cb=0x5c) returned 0x8aaa10 [0142.829] GdipGetLogFontW (font=0x5b2af80, graphics=0x5b2ff10, logfontW=0x8aaa10) returned 0x0 [0142.829] CoTaskMemFree (pv=0x8aaa10) [0142.829] CoTaskMemAlloc (cb=0x5c) returned 0x8aa4c8 [0142.830] CoTaskMemFree (pv=0x8aa4c8) [0142.830] CoTaskMemAlloc (cb=0x5c) returned 0x8aa7a0 [0142.832] CoTaskMemFree (pv=0x8aa7a0) [0142.832] GdipDeleteGraphics (graphics=0x5b2ff10) returned 0x0 [0142.832] ReleaseDC (hWnd=0x0, hDC=0x4010184) returned 1 [0142.833] CoTaskMemAlloc (cb=0x5c) returned 0x8aa738 [0142.833] CreateFontIndirectW (lplf=0x8aa738) returned 0x180a06c9 [0142.833] CoTaskMemFree (pv=0x8aa738) [0142.833] SendMessageW (hWnd=0xa0148, Msg=0x30, wParam=0x180a06c9, lParam=0x0) returned 0x1 [0142.834] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x30, wParam=0x180a06c9, lParam=0x0) returned 0x1 [0142.835] SendMessageW (hWnd=0xa0148, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0142.835] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0142.836] SetWindowTextW (hWnd=0xa0148, lpString="1BtUL5dhVXHwKLqSdhjyjK9Pe64Vc6CEH1") returned 1 [0142.836] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0xc, wParam=0x0, lParam=0x22c9780) returned 0x1 [0142.836] SendMessageW (hWnd=0xa0148, Msg=0x2111, wParam=0x4000148, lParam=0xa0148) returned 0x0 [0142.837] SendMessageW (hWnd=0xa0148, Msg=0x2111, wParam=0x3000148, lParam=0xa0148) returned 0x0 [0142.837] GetSystemMetrics (nIndex=5) returned 1 [0142.837] GetSystemMetrics (nIndex=6) returned 1 [0142.837] SendMessageW (hWnd=0xa0148, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0142.837] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0142.838] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x5, wParam=0x0, lParam=0x2802a1) returned 0x0 [0142.838] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x3, wParam=0x0, lParam=0xff1afeb5) returned 0x0 [0142.839] GetClientRect (in: hWnd=0xa0148, lpRect=0x19e974 | out: lpRect=0x19e974) returned 1 [0142.839] GetWindowRect (in: hWnd=0xa0148, lpRect=0x19e974 | out: lpRect=0x19e974) returned 1 [0142.839] GetParent (hWnd=0xa0148) returned 0x140390 [0142.839] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e974, cPoints=0x2 | out: lpPoints=0x19e974) returned 2097184000 [0142.839] SendMessageW (hWnd=0xa0148, Msg=0x2210, wParam=0x1480001, lParam=0xa0148) returned 0x0 [0142.839] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x2210, wParam=0x1480001, lParam=0xa0148) returned 0x0 [0142.840] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0142.840] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x46, wParam=0x0, lParam=0x19ec2c) returned 0x0 [0142.842] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x47, wParam=0x0, lParam=0x19ec2c) returned 0x0 [0142.842] GetClientRect (in: hWnd=0xa0148, lpRect=0x19e944 | out: lpRect=0x19e944) returned 1 [0142.842] GetWindowRect (in: hWnd=0xa0148, lpRect=0x19e944 | out: lpRect=0x19e944) returned 1 [0142.842] GetParent (hWnd=0xa0148) returned 0x140390 [0142.842] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e944, cPoints=0x2 | out: lpPoints=0x19e944) returned 2097184000 [0142.843] GetParent (hWnd=0xa0148) returned 0x140390 [0142.843] GetParent (hWnd=0xa0148) returned 0x140390 [0142.843] GetCurrentActCtx (in: lphActCtx=0x19f20c | out: lphActCtx=0x19f20c*=0x8a376c) returned 1 [0142.844] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.845] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0142.845] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r10_ad1", lpWindowName="Next, E-mail your transaction ID to the following address:", dwStyle=0x5600000d, X=12, Y=-185, nWidth=0, nHeight=55, hWndParent=0x140390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x801ea [0142.845] SetWindowLongW (hWnd=0x801ea, nIndex=-4, dwNewLong=1861937536) returned 76482910 [0142.846] GetWindowLongW (hWnd=0x801ea, nIndex=-4) returned 1861937536 [0142.847] SetWindowLongW (hWnd=0x801ea, nIndex=-4, dwNewLong=76483150) returned 1861937536 [0142.848] GetWindowLongW (hWnd=0x801ea, nIndex=-4) returned 76483150 [0142.848] GetWindowLongW (hWnd=0x801ea, nIndex=-16) returned 1174405133 [0142.848] GetWindowLongW (hWnd=0x801ea, nIndex=-12) returned 0 [0142.848] SetWindowLongW (hWnd=0x801ea, nIndex=-12, dwNewLong=524778) returned 0 [0142.848] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x81, wParam=0x0, lParam=0x19ec30) returned 0x1 [0142.849] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x83, wParam=0x0, lParam=0x19ec1c) returned 0x0 [0142.849] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x1, wParam=0x0, lParam=0x19ec30) returned 0x0 [0142.850] GetWindow (hWnd=0x801ea, uCmd=0x3) returned 0xa0148 [0142.850] GetClientRect (in: hWnd=0x801ea, lpRect=0x19e920 | out: lpRect=0x19e920) returned 1 [0142.850] GetWindowRect (in: hWnd=0x801ea, lpRect=0x19e920 | out: lpRect=0x19e920) returned 1 [0142.850] GetParent (hWnd=0x801ea) returned 0x140390 [0142.850] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e920, cPoints=0x2 | out: lpPoints=0x19e920) returned 2097184000 [0142.851] SetWindowTextW (hWnd=0x801ea, lpString="Next, E-mail your transaction ID to the following address:") returned 1 [0142.851] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0xc, wParam=0x0, lParam=0x22c96cc) returned 0x1 [0142.853] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x5, wParam=0x0, lParam=0x370000) returned 0x0 [0142.853] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x3, wParam=0x0, lParam=0xff47000c) returned 0x0 [0142.853] GetClientRect (in: hWnd=0x801ea, lpRect=0x19e978 | out: lpRect=0x19e978) returned 1 [0142.853] GetWindowRect (in: hWnd=0x801ea, lpRect=0x19e978 | out: lpRect=0x19e978) returned 1 [0142.853] GetParent (hWnd=0x801ea) returned 0x140390 [0142.853] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e978, cPoints=0x2 | out: lpPoints=0x19e978) returned 2097184000 [0142.853] SendMessageW (hWnd=0x801ea, Msg=0x2210, wParam=0x1ea0001, lParam=0x801ea) returned 0x0 [0142.853] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x2210, wParam=0x1ea0001, lParam=0x801ea) returned 0x0 [0142.854] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0142.854] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x46, wParam=0x0, lParam=0x19ec44) returned 0x0 [0142.856] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x47, wParam=0x0, lParam=0x19ec44) returned 0x0 [0142.856] GetClientRect (in: hWnd=0x801ea, lpRect=0x19e948 | out: lpRect=0x19e948) returned 1 [0142.856] GetWindowRect (in: hWnd=0x801ea, lpRect=0x19e948 | out: lpRect=0x19e948) returned 1 [0142.856] GetParent (hWnd=0x801ea) returned 0x140390 [0142.856] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e948, cPoints=0x2 | out: lpPoints=0x19e948) returned 2097184000 [0142.856] GetParent (hWnd=0x801ea) returned 0x140390 [0142.856] GetParent (hWnd=0x801ea) returned 0x140390 [0142.856] GetCurrentActCtx (in: lphActCtx=0x19f20c | out: lphActCtx=0x19f20c*=0x8a376c) returned 1 [0142.857] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.857] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0142.858] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r10_ad1", lpWindowName="Please send n Bitcoin(s) to the following BTC address:", dwStyle=0x5600000d, X=12, Y=-290, nWidth=0, nHeight=55, hWndParent=0x140390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x602f4 [0142.858] SetWindowLongW (hWnd=0x602f4, nIndex=-4, dwNewLong=1861937536) returned 76482910 [0142.859] GetWindowLongW (hWnd=0x602f4, nIndex=-4) returned 1861937536 [0142.860] SetWindowLongW (hWnd=0x602f4, nIndex=-4, dwNewLong=76483190) returned 1861937536 [0142.860] GetWindowLongW (hWnd=0x602f4, nIndex=-4) returned 76483190 [0142.860] GetWindowLongW (hWnd=0x602f4, nIndex=-16) returned 1174405133 [0142.860] GetWindowLongW (hWnd=0x602f4, nIndex=-12) returned 0 [0142.860] SetWindowLongW (hWnd=0x602f4, nIndex=-12, dwNewLong=393972) returned 0 [0142.860] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x81, wParam=0x0, lParam=0x19ec30) returned 0x1 [0142.861] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x83, wParam=0x0, lParam=0x19ec1c) returned 0x0 [0142.862] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x1, wParam=0x0, lParam=0x19ec30) returned 0x0 [0142.862] GetWindow (hWnd=0x602f4, uCmd=0x3) returned 0x801ea [0142.863] GetClientRect (in: hWnd=0x602f4, lpRect=0x19e920 | out: lpRect=0x19e920) returned 1 [0142.863] GetWindowRect (in: hWnd=0x602f4, lpRect=0x19e920 | out: lpRect=0x19e920) returned 1 [0142.863] GetParent (hWnd=0x602f4) returned 0x140390 [0142.863] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e920, cPoints=0x2 | out: lpPoints=0x19e920) returned 2097184000 [0142.864] SetWindowTextW (hWnd=0x602f4, lpString="Please send n Bitcoin(s) to the following BTC address:") returned 1 [0142.864] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0xc, wParam=0x0, lParam=0x22c9634) returned 0x1 [0142.865] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x5, wParam=0x0, lParam=0x370000) returned 0x0 [0142.866] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x3, wParam=0x0, lParam=0xfede000c) returned 0x0 [0142.866] GetClientRect (in: hWnd=0x602f4, lpRect=0x19e978 | out: lpRect=0x19e978) returned 1 [0142.866] GetWindowRect (in: hWnd=0x602f4, lpRect=0x19e978 | out: lpRect=0x19e978) returned 1 [0142.866] GetParent (hWnd=0x602f4) returned 0x140390 [0142.866] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e978, cPoints=0x2 | out: lpPoints=0x19e978) returned 2097184000 [0142.866] SendMessageW (hWnd=0x602f4, Msg=0x2210, wParam=0x2f40001, lParam=0x602f4) returned 0x0 [0142.866] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x2210, wParam=0x2f40001, lParam=0x602f4) returned 0x0 [0142.867] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0142.867] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x46, wParam=0x0, lParam=0x19ec44) returned 0x0 [0142.869] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x47, wParam=0x0, lParam=0x19ec44) returned 0x0 [0142.869] GetClientRect (in: hWnd=0x602f4, lpRect=0x19e948 | out: lpRect=0x19e948) returned 1 [0142.869] GetWindowRect (in: hWnd=0x602f4, lpRect=0x19e948 | out: lpRect=0x19e948) returned 1 [0142.869] GetParent (hWnd=0x602f4) returned 0x140390 [0142.869] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e948, cPoints=0x2 | out: lpPoints=0x19e948) returned 2097184000 [0142.869] GetParent (hWnd=0x602f4) returned 0x140390 [0142.869] GetParent (hWnd=0x602f4) returned 0x140390 [0142.869] GetCurrentActCtx (in: lphActCtx=0x19f20c | out: lphActCtx=0x19f20c*=0x8a376c) returned 1 [0142.870] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.870] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0142.870] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r10_ad1", lpWindowName="Your files (count: n) have been encrypted!", dwStyle=0x5600000d, X=12, Y=-432, nWidth=0, nHeight=55, hWndParent=0x140390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x80048 [0142.871] SetWindowLongW (hWnd=0x80048, nIndex=-4, dwNewLong=1861937536) returned 76482910 [0142.871] GetWindowLongW (hWnd=0x80048, nIndex=-4) returned 1861937536 [0142.871] SetWindowLongW (hWnd=0x80048, nIndex=-4, dwNewLong=76483230) returned 1861937536 [0142.872] GetWindowLongW (hWnd=0x80048, nIndex=-4) returned 76483230 [0142.872] GetWindowLongW (hWnd=0x80048, nIndex=-16) returned 1174405133 [0142.872] GetWindowLongW (hWnd=0x80048, nIndex=-12) returned 0 [0142.872] SetWindowLongW (hWnd=0x80048, nIndex=-12, dwNewLong=524360) returned 0 [0142.872] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x81, wParam=0x0, lParam=0x19ec30) returned 0x1 [0142.873] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x83, wParam=0x0, lParam=0x19ec1c) returned 0x0 [0142.873] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x1, wParam=0x0, lParam=0x19ec30) returned 0x0 [0142.874] GetWindow (hWnd=0x80048, uCmd=0x3) returned 0x602f4 [0142.874] GetClientRect (in: hWnd=0x80048, lpRect=0x19e920 | out: lpRect=0x19e920) returned 1 [0142.874] GetWindowRect (in: hWnd=0x80048, lpRect=0x19e920 | out: lpRect=0x19e920) returned 1 [0142.874] GetParent (hWnd=0x80048) returned 0x140390 [0142.874] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e920, cPoints=0x2 | out: lpPoints=0x19e920) returned 2097184000 [0142.875] SetWindowTextW (hWnd=0x80048, lpString="Your files (count: n) have been encrypted!") returned 1 [0142.875] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0xc, wParam=0x0, lParam=0x22c95a0) returned 0x1 [0142.876] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x5, wParam=0x0, lParam=0x370000) returned 0x0 [0142.877] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x3, wParam=0x0, lParam=0xfe50000c) returned 0x0 [0142.877] GetClientRect (in: hWnd=0x80048, lpRect=0x19e978 | out: lpRect=0x19e978) returned 1 [0142.877] GetWindowRect (in: hWnd=0x80048, lpRect=0x19e978 | out: lpRect=0x19e978) returned 1 [0142.877] GetParent (hWnd=0x80048) returned 0x140390 [0142.877] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e978, cPoints=0x2 | out: lpPoints=0x19e978) returned 2097184000 [0142.877] SendMessageW (hWnd=0x80048, Msg=0x2210, wParam=0x480001, lParam=0x80048) returned 0x0 [0142.877] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x2210, wParam=0x480001, lParam=0x80048) returned 0x0 [0142.877] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0142.877] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x46, wParam=0x0, lParam=0x19ec44) returned 0x0 [0142.880] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x47, wParam=0x0, lParam=0x19ec44) returned 0x0 [0142.880] GetClientRect (in: hWnd=0x80048, lpRect=0x19e948 | out: lpRect=0x19e948) returned 1 [0142.880] GetWindowRect (in: hWnd=0x80048, lpRect=0x19e948 | out: lpRect=0x19e948) returned 1 [0142.880] GetParent (hWnd=0x80048) returned 0x140390 [0142.880] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e948, cPoints=0x2 | out: lpPoints=0x19e948) returned 2097184000 [0142.880] GetParent (hWnd=0x80048) returned 0x140390 [0142.880] GetParent (hWnd=0x80048) returned 0x140390 [0142.880] GetCurrentActCtx (in: lphActCtx=0x19f20c | out: lphActCtx=0x19f20c*=0x8a376c) returned 1 [0142.881] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0142.881] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0142.881] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x56000000, X=298, Y=12, nWidth=0, nHeight=0, hWndParent=0x140390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x302fe [0142.882] SetWindowLongW (hWnd=0x302fe, nIndex=-4, dwNewLong=1949894624) returned 76481982 [0142.882] GetWindowLongW (hWnd=0x302fe, nIndex=-4) returned 1949894624 [0142.882] SetWindowLongW (hWnd=0x302fe, nIndex=-4, dwNewLong=76483270) returned 1949894624 [0142.882] GetWindowLongW (hWnd=0x302fe, nIndex=-4) returned 76483270 [0142.883] GetWindowLongW (hWnd=0x302fe, nIndex=-16) returned 1174405120 [0142.883] GetWindowLongW (hWnd=0x302fe, nIndex=-12) returned 0 [0142.883] SetWindowLongW (hWnd=0x302fe, nIndex=-12, dwNewLong=197374) returned 0 [0142.883] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x81, wParam=0x0, lParam=0x19ec30) returned 0x1 [0142.884] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x83, wParam=0x0, lParam=0x19ec1c) returned 0x0 [0142.884] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x1, wParam=0x0, lParam=0x19ec30) returned 0x0 [0142.884] GetWindow (hWnd=0x302fe, uCmd=0x3) returned 0x80048 [0142.884] GetClientRect (in: hWnd=0x302fe, lpRect=0x19e95c | out: lpRect=0x19e95c) returned 1 [0142.884] GetWindowRect (in: hWnd=0x302fe, lpRect=0x19e95c | out: lpRect=0x19e95c) returned 1 [0142.884] GetParent (hWnd=0x302fe) returned 0x140390 [0142.885] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e95c, cPoints=0x2 | out: lpPoints=0x19e95c) returned 2097184000 [0142.886] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0142.886] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x3, wParam=0x0, lParam=0xc012a) returned 0x0 [0142.886] GetClientRect (in: hWnd=0x302fe, lpRect=0x19e9b4 | out: lpRect=0x19e9b4) returned 1 [0142.886] GetWindowRect (in: hWnd=0x302fe, lpRect=0x19e9b4 | out: lpRect=0x19e9b4) returned 1 [0142.886] GetParent (hWnd=0x302fe) returned 0x140390 [0142.887] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e9b4, cPoints=0x2 | out: lpPoints=0x19e9b4) returned 2097184000 [0142.887] SendMessageW (hWnd=0x302fe, Msg=0x2210, wParam=0x2fe0001, lParam=0x302fe) returned 0x0 [0142.887] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x2210, wParam=0x2fe0001, lParam=0x302fe) returned 0x0 [0142.887] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0142.887] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x46, wParam=0x0, lParam=0x19ec44) returned 0x0 [0142.889] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x47, wParam=0x0, lParam=0x19ec44) returned 0x0 [0142.889] GetClientRect (in: hWnd=0x302fe, lpRect=0x19e984 | out: lpRect=0x19e984) returned 1 [0142.889] GetWindowRect (in: hWnd=0x302fe, lpRect=0x19e984 | out: lpRect=0x19e984) returned 1 [0142.889] GetParent (hWnd=0x302fe) returned 0x140390 [0142.889] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19e984, cPoints=0x2 | out: lpPoints=0x19e984) returned 2097184000 [0142.889] GetParent (hWnd=0x302fe) returned 0x140390 [0142.889] GetParent (hWnd=0x302fe) returned 0x140390 [0142.891] GdipImageGetFrameDimensionsCount (image=0x5b2f268, count=0x19f1f0) returned 0x0 [0142.891] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x8b2c40 [0142.892] GdipImageGetFrameDimensionsList (image=0x5b2f268, dimensionIDs=0x8b2c40*(Data1=0x0, Data2=0x0, Data3=0x800, Data4=([0]=0x6e, [1]=0x0, [2]=0x61, [3]=0x0, [4]=0x6d, [5]=0x0, [6]=0x65, [7]=0x0)), count=0x1) returned 0x0 [0142.899] LocalFree (hMem=0x8b2c40) returned 0x0 [0142.905] SendMessageW (hWnd=0x140390, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x1 [0142.905] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0142.906] GetParent (hWnd=0x602a8) returned 0x140390 [0142.906] GetParent (hWnd=0x402ea) returned 0x140390 [0142.906] GetParent (hWnd=0x502ce) returned 0x140390 [0142.906] GetParent (hWnd=0xa0148) returned 0x140390 [0142.906] GetParent (hWnd=0x801ea) returned 0x140390 [0142.906] GetParent (hWnd=0x602f4) returned 0x140390 [0142.906] GetParent (hWnd=0x80048) returned 0x140390 [0142.906] GetParent (hWnd=0x302fe) returned 0x140390 [0142.952] GetWindowTextLengthW (hWnd=0x140390) returned 3 [0142.952] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0142.953] GetSystemMetrics (nIndex=42) returned 0 [0142.953] GetWindowTextW (in: hWnd=0x140390, lpString=0x19efbc, nMaxCount=4 | out: lpString="Lol") returned 3 [0142.953] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xd, wParam=0x4, lParam=0x19efbc) returned 0x3 [0143.017] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0143.018] GetWindowLongW (hWnd=0x140390, nIndex=-16) returned 919535616 [0143.018] GetWindowTextLengthW (hWnd=0x140390) returned 3 [0143.018] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0143.018] GetSystemMetrics (nIndex=42) returned 0 [0143.018] GetWindowTextW (in: hWnd=0x140390, lpString=0x19eeb4, nMaxCount=4 | out: lpString="Lol") returned 3 [0143.018] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xd, wParam=0x4, lParam=0x19eeb4) returned 0x3 [0143.018] GetWindowTextLengthW (hWnd=0x140390) returned 3 [0143.018] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0143.018] GetSystemMetrics (nIndex=42) returned 0 [0143.019] GetWindowTextW (in: hWnd=0x140390, lpString=0x19eeb4, nMaxCount=4 | out: lpString="Lol") returned 3 [0143.019] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xd, wParam=0x4, lParam=0x19eeb4) returned 0x3 [0143.019] AdjustWindowRectEx (in: lpRect=0x19eefc, dwStyle=0x12cf0000, bMenu=0, dwExStyle=0xd0080 | out: lpRect=0x19eefc) returned 1 [0143.019] GetWindowLongW (hWnd=0x140390, nIndex=-16) returned 919535616 [0143.019] GetWindowLongW (hWnd=0x140390, nIndex=-20) returned 328064 [0143.019] SetWindowLongW (hWnd=0x140390, nIndex=-16, dwNewLong=852426752) returned 919535616 [0143.019] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x7c, wParam=0xfffffff0, lParam=0x19ef04) returned 0x0 [0143.020] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x7d, wParam=0xfffffff0, lParam=0x19ef04) returned 0x0 [0143.020] SetWindowLongW (hWnd=0x140390, nIndex=-20, dwNewLong=852096) returned 328064 [0143.020] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x7c, wParam=0xffffffec, lParam=0x19ef04) returned 0x0 [0143.021] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x7d, wParam=0xffffffec, lParam=0x19ef04) returned 0x0 [0143.022] SetWindowPos (hWnd=0x140390, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0143.022] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x46, wParam=0x0, lParam=0x19ef24) returned 0x0 [0143.022] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x83, wParam=0x1, lParam=0x19eefc) returned 0x0 [0143.025] GetWindowPlacement (in: hWnd=0x140390, lpwndpl=0x19ec94 | out: lpwndpl=0x19ec94) returned 1 [0143.025] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x47, wParam=0x0, lParam=0x19ef24) returned 0x0 [0143.025] GetClientRect (in: hWnd=0x140390, lpRect=0x19ec44 | out: lpRect=0x19ec44) returned 1 [0143.025] GetWindowRect (in: hWnd=0x140390, lpRect=0x19ec44 | out: lpRect=0x19ec44) returned 1 [0143.026] RedrawWindow (hWnd=0x140390, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0143.027] GetSystemMenu (hWnd=0x140390, bRevert=0) returned 0x601a9 [0143.027] GetWindowPlacement (in: hWnd=0x140390, lpwndpl=0x19ef58 | out: lpwndpl=0x19ef58) returned 1 [0143.027] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf020, uEnable=0x1) returned 1 [0143.027] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0143.027] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0143.027] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf120, uEnable=0x0) returned 0 [0143.027] EnableMenuItem (hMenu=0x601a9, uIDEnableItem=0xf000, uEnable=0x1) returned 1 [0143.040] SetLayeredWindowAttributes (hwnd=0x140390, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0143.041] GetWindowPlacement (in: hWnd=0x140390, lpwndpl=0x19f028 | out: lpwndpl=0x19f028) returned 1 [0143.044] GetCurrentThreadId () returned 0x6cc [0143.059] EnumThreadWindows (dwThreadId=0x6cc, lpfn=0x48f0aee, lParam=0x140390) returned 1 [0143.166] GetWindowLongW (hWnd=0x402f6, nIndex=-8) returned 0 [0143.166] GetWindowLongW (hWnd=0x140390, nIndex=-8) returned 0 [0143.166] GetWindowLongW (hWnd=0x2021a, nIndex=-8) returned 262902 [0143.201] GetFocus () returned 0x0 [0143.201] GetParent (hWnd=0x140390) returned 0x0 [0143.223] GetWindowThreadProcessId (in: hWnd=0x602a8, lpdwProcessId=0x19ef70 | out: lpdwProcessId=0x19ef70) returned 0x6cc [0143.230] GetCurrentActCtx (in: lphActCtx=0x19eed8 | out: lphActCtx=0x19eed8*=0x8a376c) returned 1 [0143.231] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0143.231] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0143.232] CreateWindowExW (dwExStyle=0x10000, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName="WindowsFormsParkingWindow", dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x30302 [0143.233] SetWindowLongW (hWnd=0x30302, nIndex=-4, dwNewLong=1949894624) returned 76481982 [0143.233] GetWindowLongW (hWnd=0x30302, nIndex=-4) returned 1949894624 [0143.238] SetWindowLongW (hWnd=0x30302, nIndex=-4, dwNewLong=76481718) returned 1949894624 [0143.238] GetWindowLongW (hWnd=0x30302, nIndex=-4) returned 76481718 [0143.238] GetWindowLongW (hWnd=0x30302, nIndex=-16) returned 113311744 [0143.238] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x30302, Msg=0x24, wParam=0x0, lParam=0x19e904) returned 0x0 [0143.239] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x30302, Msg=0x81, wParam=0x0, lParam=0x19e8f8) returned 0x1 [0143.240] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x30302, Msg=0x83, wParam=0x0, lParam=0x19e8e4) returned 0x0 [0143.241] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x30302, Msg=0x1, wParam=0x0, lParam=0x19e8f8) returned 0x0 [0143.241] GetClientRect (in: hWnd=0x30302, lpRect=0x19e608 | out: lpRect=0x19e608) returned 1 [0143.241] GetWindowRect (in: hWnd=0x30302, lpRect=0x19e608 | out: lpRect=0x19e608) returned 1 [0143.242] SetWindowTextW (hWnd=0x30302, lpString="WindowsFormsParkingWindow") returned 1 [0143.242] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x30302, Msg=0xc, wParam=0x0, lParam=0x22e8fd0) returned 0x1 [0143.243] GetParent (hWnd=0x30302) returned 0x0 [0143.244] SetParent (hWndChild=0x602a8, hWndNewParent=0x30302) returned 0x140390 [0143.244] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.244] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.247] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.247] GetClientRect (in: hWnd=0x602a8, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.247] GetWindowRect (in: hWnd=0x602a8, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.247] GetParent (hWnd=0x602a8) returned 0x140390 [0143.247] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19ebe8, cPoints=0x2 | out: lpPoints=0x19ebe8) returned 2097184000 [0143.247] GetParent (hWnd=0x602a8) returned 0x140390 [0143.248] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.249] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.250] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.250] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x3, wParam=0x0, lParam=0xffb0000c) returned 0x0 [0143.250] GetClientRect (in: hWnd=0x602a8, lpRect=0x19e604 | out: lpRect=0x19e604) returned 1 [0143.250] GetWindowRect (in: hWnd=0x602a8, lpRect=0x19e604 | out: lpRect=0x19e604) returned 1 [0143.250] GetParent (hWnd=0x602a8) returned 0x30302 [0143.250] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19e604, cPoints=0x2 | out: lpPoints=0x19e604) returned -1966088 [0143.250] GetClientRect (in: hWnd=0x602a8, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.251] GetWindowRect (in: hWnd=0x602a8, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.251] GetParent (hWnd=0x602a8) returned 0x30302 [0143.251] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19ebe8, cPoints=0x2 | out: lpPoints=0x19ebe8) returned -1966088 [0143.251] GetParent (hWnd=0x602a8) returned 0x30302 [0143.252] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.253] GetWindowThreadProcessId (in: hWnd=0x402ea, lpdwProcessId=0x19ef70 | out: lpdwProcessId=0x19ef70) returned 0x6cc [0143.253] SetParent (hWndChild=0x402ea, hWndNewParent=0x30302) returned 0x140390 [0143.253] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.253] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.256] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.256] GetClientRect (in: hWnd=0x402ea, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.256] GetWindowRect (in: hWnd=0x402ea, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.256] GetParent (hWnd=0x402ea) returned 0x140390 [0143.257] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19ebe8, cPoints=0x2 | out: lpPoints=0x19ebe8) returned 2097184000 [0143.257] GetParent (hWnd=0x402ea) returned 0x140390 [0143.258] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.259] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.260] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.260] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x3, wParam=0x0, lParam=0xfe87000c) returned 0x0 [0143.260] GetClientRect (in: hWnd=0x402ea, lpRect=0x19e604 | out: lpRect=0x19e604) returned 1 [0143.260] GetWindowRect (in: hWnd=0x402ea, lpRect=0x19e604 | out: lpRect=0x19e604) returned 1 [0143.260] GetParent (hWnd=0x402ea) returned 0x30302 [0143.260] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19e604, cPoints=0x2 | out: lpPoints=0x19e604) returned -1966088 [0143.260] GetClientRect (in: hWnd=0x402ea, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.261] GetWindowRect (in: hWnd=0x402ea, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.261] GetParent (hWnd=0x402ea) returned 0x30302 [0143.261] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19ebe8, cPoints=0x2 | out: lpPoints=0x19ebe8) returned -1966088 [0143.262] GetParent (hWnd=0x402ea) returned 0x30302 [0143.262] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.262] GetWindowThreadProcessId (in: hWnd=0x502ce, lpdwProcessId=0x19ef70 | out: lpdwProcessId=0x19ef70) returned 0x6cc [0143.262] SetParent (hWndChild=0x502ce, hWndNewParent=0x30302) returned 0x140390 [0143.263] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.263] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.265] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.265] GetClientRect (in: hWnd=0x502ce, lpRect=0x19ebfc | out: lpRect=0x19ebfc) returned 1 [0143.265] GetWindowRect (in: hWnd=0x502ce, lpRect=0x19ebfc | out: lpRect=0x19ebfc) returned 1 [0143.265] GetParent (hWnd=0x502ce) returned 0x140390 [0143.265] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19ebfc, cPoints=0x2 | out: lpPoints=0x19ebfc) returned 2097184000 [0143.266] GetParent (hWnd=0x502ce) returned 0x140390 [0143.267] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.268] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.269] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.269] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x3, wParam=0x0, lParam=0xff83feb5) returned 0x0 [0143.269] GetClientRect (in: hWnd=0x502ce, lpRect=0x19e608 | out: lpRect=0x19e608) returned 1 [0143.269] GetWindowRect (in: hWnd=0x502ce, lpRect=0x19e608 | out: lpRect=0x19e608) returned 1 [0143.270] GetParent (hWnd=0x502ce) returned 0x30302 [0143.270] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19e608, cPoints=0x2 | out: lpPoints=0x19e608) returned -1966088 [0143.270] GetClientRect (in: hWnd=0x502ce, lpRect=0x19ebfc | out: lpRect=0x19ebfc) returned 1 [0143.270] GetWindowRect (in: hWnd=0x502ce, lpRect=0x19ebfc | out: lpRect=0x19ebfc) returned 1 [0143.270] GetParent (hWnd=0x502ce) returned 0x30302 [0143.270] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19ebfc, cPoints=0x2 | out: lpPoints=0x19ebfc) returned -1966088 [0143.270] GetParent (hWnd=0x502ce) returned 0x30302 [0143.271] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.272] GetWindowThreadProcessId (in: hWnd=0xa0148, lpdwProcessId=0x19ef70 | out: lpdwProcessId=0x19ef70) returned 0x6cc [0143.272] SetParent (hWndChild=0xa0148, hWndNewParent=0x30302) returned 0x140390 [0143.272] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.272] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.274] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.274] GetClientRect (in: hWnd=0xa0148, lpRect=0x19ebfc | out: lpRect=0x19ebfc) returned 1 [0143.274] GetWindowRect (in: hWnd=0xa0148, lpRect=0x19ebfc | out: lpRect=0x19ebfc) returned 1 [0143.274] GetParent (hWnd=0xa0148) returned 0x140390 [0143.275] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19ebfc, cPoints=0x2 | out: lpPoints=0x19ebfc) returned 2097184000 [0143.275] GetParent (hWnd=0xa0148) returned 0x140390 [0143.276] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.279] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.280] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.280] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x3, wParam=0x0, lParam=0xff1afeb5) returned 0x0 [0143.280] GetClientRect (in: hWnd=0xa0148, lpRect=0x19e608 | out: lpRect=0x19e608) returned 1 [0143.280] GetWindowRect (in: hWnd=0xa0148, lpRect=0x19e608 | out: lpRect=0x19e608) returned 1 [0143.280] GetParent (hWnd=0xa0148) returned 0x30302 [0143.280] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19e608, cPoints=0x2 | out: lpPoints=0x19e608) returned -1966088 [0143.281] GetClientRect (in: hWnd=0xa0148, lpRect=0x19ebfc | out: lpRect=0x19ebfc) returned 1 [0143.281] GetWindowRect (in: hWnd=0xa0148, lpRect=0x19ebfc | out: lpRect=0x19ebfc) returned 1 [0143.281] GetParent (hWnd=0xa0148) returned 0x30302 [0143.281] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19ebfc, cPoints=0x2 | out: lpPoints=0x19ebfc) returned -1966088 [0143.281] GetParent (hWnd=0xa0148) returned 0x30302 [0143.281] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.282] GetWindowThreadProcessId (in: hWnd=0x801ea, lpdwProcessId=0x19ef70 | out: lpdwProcessId=0x19ef70) returned 0x6cc [0143.282] SetParent (hWndChild=0x801ea, hWndNewParent=0x30302) returned 0x140390 [0143.282] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.283] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.285] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.285] GetClientRect (in: hWnd=0x801ea, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.285] GetWindowRect (in: hWnd=0x801ea, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.285] GetParent (hWnd=0x801ea) returned 0x140390 [0143.285] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19ebe8, cPoints=0x2 | out: lpPoints=0x19ebe8) returned 2097184000 [0143.286] GetParent (hWnd=0x801ea) returned 0x140390 [0143.287] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.288] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.289] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.289] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x3, wParam=0x0, lParam=0xff47000c) returned 0x0 [0143.290] GetClientRect (in: hWnd=0x801ea, lpRect=0x19e604 | out: lpRect=0x19e604) returned 1 [0143.290] GetWindowRect (in: hWnd=0x801ea, lpRect=0x19e604 | out: lpRect=0x19e604) returned 1 [0143.290] GetParent (hWnd=0x801ea) returned 0x30302 [0143.290] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19e604, cPoints=0x2 | out: lpPoints=0x19e604) returned -1966088 [0143.290] GetClientRect (in: hWnd=0x801ea, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.290] GetWindowRect (in: hWnd=0x801ea, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.290] GetParent (hWnd=0x801ea) returned 0x30302 [0143.290] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19ebe8, cPoints=0x2 | out: lpPoints=0x19ebe8) returned -1966088 [0143.290] GetParent (hWnd=0x801ea) returned 0x30302 [0143.291] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.291] GetWindowThreadProcessId (in: hWnd=0x602f4, lpdwProcessId=0x19ef70 | out: lpdwProcessId=0x19ef70) returned 0x6cc [0143.291] SetParent (hWndChild=0x602f4, hWndNewParent=0x30302) returned 0x140390 [0143.291] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.292] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.294] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.295] GetClientRect (in: hWnd=0x602f4, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.306] GetWindowRect (in: hWnd=0x602f4, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.307] GetParent (hWnd=0x602f4) returned 0x140390 [0143.307] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19ebe8, cPoints=0x2 | out: lpPoints=0x19ebe8) returned 2097184000 [0143.307] GetParent (hWnd=0x602f4) returned 0x140390 [0143.311] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.313] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.313] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.313] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x3, wParam=0x0, lParam=0xfede000c) returned 0x0 [0143.313] GetClientRect (in: hWnd=0x602f4, lpRect=0x19e604 | out: lpRect=0x19e604) returned 1 [0143.313] GetWindowRect (in: hWnd=0x602f4, lpRect=0x19e604 | out: lpRect=0x19e604) returned 1 [0143.314] GetParent (hWnd=0x602f4) returned 0x30302 [0143.314] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19e604, cPoints=0x2 | out: lpPoints=0x19e604) returned -1966088 [0143.314] GetClientRect (in: hWnd=0x602f4, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.314] GetWindowRect (in: hWnd=0x602f4, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.314] GetParent (hWnd=0x602f4) returned 0x30302 [0143.314] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19ebe8, cPoints=0x2 | out: lpPoints=0x19ebe8) returned -1966088 [0143.315] GetParent (hWnd=0x602f4) returned 0x30302 [0143.315] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602f4, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.316] GetWindowThreadProcessId (in: hWnd=0x80048, lpdwProcessId=0x19ef70 | out: lpdwProcessId=0x19ef70) returned 0x6cc [0143.316] SetParent (hWndChild=0x80048, hWndNewParent=0x30302) returned 0x140390 [0143.317] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.317] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.319] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.319] GetClientRect (in: hWnd=0x80048, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.320] GetWindowRect (in: hWnd=0x80048, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.320] GetParent (hWnd=0x80048) returned 0x140390 [0143.320] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19ebe8, cPoints=0x2 | out: lpPoints=0x19ebe8) returned 2097184000 [0143.320] GetParent (hWnd=0x80048) returned 0x140390 [0143.321] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.323] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.323] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.323] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x3, wParam=0x0, lParam=0xfe50000c) returned 0x0 [0143.323] GetClientRect (in: hWnd=0x80048, lpRect=0x19e604 | out: lpRect=0x19e604) returned 1 [0143.323] GetWindowRect (in: hWnd=0x80048, lpRect=0x19e604 | out: lpRect=0x19e604) returned 1 [0143.324] GetParent (hWnd=0x80048) returned 0x30302 [0143.324] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19e604, cPoints=0x2 | out: lpPoints=0x19e604) returned -1966088 [0143.324] GetClientRect (in: hWnd=0x80048, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.324] GetWindowRect (in: hWnd=0x80048, lpRect=0x19ebe8 | out: lpRect=0x19ebe8) returned 1 [0143.324] GetParent (hWnd=0x80048) returned 0x30302 [0143.324] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19ebe8, cPoints=0x2 | out: lpPoints=0x19ebe8) returned -1966088 [0143.324] GetParent (hWnd=0x80048) returned 0x30302 [0143.325] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x80048, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.326] GetWindowThreadProcessId (in: hWnd=0x302fe, lpdwProcessId=0x19ef70 | out: lpdwProcessId=0x19ef70) returned 0x6cc [0143.326] SetParent (hWndChild=0x302fe, hWndNewParent=0x30302) returned 0x140390 [0143.326] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.327] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.329] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.329] GetClientRect (in: hWnd=0x302fe, lpRect=0x19ec24 | out: lpRect=0x19ec24) returned 1 [0143.329] GetWindowRect (in: hWnd=0x302fe, lpRect=0x19ec24 | out: lpRect=0x19ec24) returned 1 [0143.329] GetParent (hWnd=0x302fe) returned 0x140390 [0143.329] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x140390, lpPoints=0x19ec24, cPoints=0x2 | out: lpPoints=0x19ec24) returned 2097184000 [0143.329] GetParent (hWnd=0x302fe) returned 0x140390 [0143.330] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x46, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.332] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.332] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x47, wParam=0x0, lParam=0x19eee4) returned 0x0 [0143.332] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x3, wParam=0x0, lParam=0xc012a) returned 0x0 [0143.333] GetClientRect (in: hWnd=0x302fe, lpRect=0x19e710 | out: lpRect=0x19e710) returned 1 [0143.333] GetWindowRect (in: hWnd=0x302fe, lpRect=0x19e710 | out: lpRect=0x19e710) returned 1 [0143.333] GetParent (hWnd=0x302fe) returned 0x30302 [0143.333] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19e710, cPoints=0x2 | out: lpPoints=0x19e710) returned -1966088 [0143.333] GetClientRect (in: hWnd=0x302fe, lpRect=0x19ec24 | out: lpRect=0x19ec24) returned 1 [0143.333] GetWindowRect (in: hWnd=0x302fe, lpRect=0x19ec24 | out: lpRect=0x19ec24) returned 1 [0143.333] GetParent (hWnd=0x302fe) returned 0x30302 [0143.334] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30302, lpPoints=0x19ec24, cPoints=0x2 | out: lpPoints=0x19ec24) returned -1966088 [0143.334] GetParent (hWnd=0x302fe) returned 0x30302 [0143.334] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x302fe, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.335] GetWindowLongW (hWnd=0x140390, nIndex=-20) returned 852352 [0143.337] DestroyWindow (hWnd=0x140390) returned 1 [0143.337] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0143.337] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x46, wParam=0x0, lParam=0x19ee5c) returned 0x0 [0143.343] GetWindowPlacement (in: hWnd=0x140390, lpwndpl=0x19ebcc | out: lpwndpl=0x19ebcc) returned 1 [0143.343] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x47, wParam=0x0, lParam=0x19ee5c) returned 0x0 [0143.343] GetClientRect (in: hWnd=0x140390, lpRect=0x19eb7c | out: lpRect=0x19eb7c) returned 1 [0143.343] GetWindowRect (in: hWnd=0x140390, lpRect=0x19eb7c | out: lpRect=0x19eb7c) returned 1 [0143.346] GetWindowTextLengthW (hWnd=0x140390) returned 3 [0143.346] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0143.347] GetSystemMetrics (nIndex=42) returned 0 [0143.347] GetWindowTextW (in: hWnd=0x140390, lpString=0x19eab0, nMaxCount=4 | out: lpString="Lol") returned 3 [0143.347] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0xd, wParam=0x4, lParam=0x19eab0) returned 0x3 [0143.348] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0143.348] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x140390, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0143.361] GetCurrentActCtx (in: lphActCtx=0x19eeb8 | out: lphActCtx=0x19eeb8*=0x8a376c) returned 1 [0143.362] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0143.363] AdjustWindowRectEx (in: lpRect=0x19ee1c, dwStyle=0x12cf0000, bMenu=0, dwExStyle=0x90080 | out: lpRect=0x19ee1c) returned 1 [0143.364] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0143.364] CreateWindowExW (dwExStyle=0x90080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName="Lol", dwStyle=0x22cf0000, X=-32000, Y=-32000, nWidth=16, nHeight=39, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x150390 [0143.365] SetWindowLongW (hWnd=0x150390, nIndex=-4, dwNewLong=1949894624) returned 76481982 [0143.365] GetWindowLongW (hWnd=0x150390, nIndex=-4) returned 1949894624 [0143.367] SetWindowLongW (hWnd=0x150390, nIndex=-4, dwNewLong=76496230) returned 1949894624 [0143.368] GetWindowLongW (hWnd=0x150390, nIndex=-4) returned 76496230 [0143.368] GetWindowLongW (hWnd=0x150390, nIndex=-16) returned 651100160 [0143.371] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x81, wParam=0x0, lParam=0x19e8d8) returned 0x1 [0143.372] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x83, wParam=0x0, lParam=0x19e8c4) returned 0x0 [0143.374] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x1, wParam=0x0, lParam=0x19e8d8) returned 0x0 [0143.374] GetClientRect (in: hWnd=0x150390, lpRect=0x19e5d4 | out: lpRect=0x19e5d4) returned 1 [0143.374] GetWindowRect (in: hWnd=0x150390, lpRect=0x19e5d4 | out: lpRect=0x19e5d4) returned 1 [0143.375] SetWindowTextW (hWnd=0x150390, lpString="Lol") returned 1 [0143.375] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0xc, wParam=0x0, lParam=0x22e92ac) returned 0x1 [0143.376] SetLayeredWindowAttributes (hwnd=0x150390, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0143.378] GetStartupInfoW (in: lpStartupInfo=0x22e9588 | out: lpStartupInfo=0x22e9588*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0143.381] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x46, wParam=0x0, lParam=0x19e8ec) returned 0x0 [0143.381] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x83, wParam=0x1, lParam=0x19e8c4) returned 0x0 [0143.384] GetWindowPlacement (in: hWnd=0x150390, lpwndpl=0x19e65c | out: lpwndpl=0x19e65c) returned 1 [0143.384] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x47, wParam=0x0, lParam=0x19e8ec) returned 0x0 [0143.385] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x3, wParam=0x0, lParam=0x3400000) returned 0x0 [0143.385] GetClientRect (in: hWnd=0x150390, lpRect=0x19e0a8 | out: lpRect=0x19e0a8) returned 1 [0143.385] GetWindowRect (in: hWnd=0x150390, lpRect=0x19e0a8 | out: lpRect=0x19e0a8) returned 1 [0143.385] GetWindowTextLengthW (hWnd=0x150390) returned 3 [0143.385] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0143.385] GetSystemMetrics (nIndex=42) returned 0 [0143.385] GetWindowTextW (in: hWnd=0x150390, lpString=0x19df1c, nMaxCount=4 | out: lpString="Lol") returned 3 [0143.386] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0xd, wParam=0x4, lParam=0x19df1c) returned 0x3 [0143.386] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x5, wParam=0x1, lParam=0x0) returned 0x0 [0143.386] GetClientRect (in: hWnd=0x150390, lpRect=0x19e60c | out: lpRect=0x19e60c) returned 1 [0143.386] GetWindowRect (in: hWnd=0x150390, lpRect=0x19e60c | out: lpRect=0x19e60c) returned 1 [0143.388] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x83, wParam=0x1, lParam=0x19e43c) returned 0x0 [0143.395] GetParent (hWnd=0x150390) returned 0x0 [0143.395] GetStockObject (i=5) returned 0x1900015 [0143.423] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0143.424] CoTaskMemAlloc (cb=0x5c) returned 0x8aa598 [0143.424] RegisterClassW (lpWndClass=0x19ed98) returned 0xc1e9 [0143.424] CoTaskMemFree (pv=0x8aa598) [0143.425] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0143.425] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xa0056 [0143.425] SetWindowLongW (hWnd=0xa0056, nIndex=-4, dwNewLong=1949894624) returned 76496030 [0143.426] GetWindowLongW (hWnd=0xa0056, nIndex=-4) returned 1949894624 [0143.427] SetWindowLongW (hWnd=0xa0056, nIndex=-4, dwNewLong=76496110) returned 1949894624 [0143.428] GetWindowLongW (hWnd=0xa0056, nIndex=-4) returned 76496110 [0143.428] GetWindowLongW (hWnd=0xa0056, nIndex=-16) returned 79691776 [0143.428] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0xa0056, Msg=0x24, wParam=0x0, lParam=0x19e90c) returned 0x0 [0143.428] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0xa0056, Msg=0x81, wParam=0x0, lParam=0x19e900) returned 0x1 [0143.429] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0xa0056, Msg=0x83, wParam=0x0, lParam=0x19e8ec) returned 0x0 [0143.432] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0xa0056, Msg=0x1, wParam=0x0, lParam=0x19e900) returned 0x0 [0143.434] SetWindowLongW (hWnd=0x150390, nIndex=-8, dwNewLong=655446) returned 0 [0143.436] SendMessageW (hWnd=0x150390, Msg=0x80, wParam=0x0, lParam=0x800fd) returned 0x0 [0143.436] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x80, wParam=0x0, lParam=0x800fd) returned 0x0 [0143.437] SendMessageW (hWnd=0x150390, Msg=0x80, wParam=0x1, lParam=0x50103) returned 0x0 [0143.437] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x80, wParam=0x1, lParam=0x50103) returned 0x0 [0143.533] GetSystemMenu (hWnd=0x150390, bRevert=0) returned 0x701a9 [0143.534] GetWindowPlacement (in: hWnd=0x150390, lpwndpl=0x19eec8 | out: lpwndpl=0x19eec8) returned 1 [0143.534] EnableMenuItem (hMenu=0x701a9, uIDEnableItem=0xf020, uEnable=0x1) returned 0 [0143.534] EnableMenuItem (hMenu=0x701a9, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0143.534] EnableMenuItem (hMenu=0x701a9, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0143.535] EnableMenuItem (hMenu=0x701a9, uIDEnableItem=0xf120, uEnable=0x0) returned 0 [0143.535] EnableMenuItem (hMenu=0x701a9, uIDEnableItem=0xf000, uEnable=0x1) returned 0 [0143.535] SetWindowPos (hWnd=0x150390, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x57) returned 1 [0143.535] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x46, wParam=0x0, lParam=0x19edd4) returned 0x0 [0143.557] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0143.568] GetWindowPlacement (in: hWnd=0x150390, lpwndpl=0x19eb44 | out: lpwndpl=0x19eb44) returned 1 [0143.568] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x47, wParam=0x0, lParam=0x19edd4) returned 0x0 [0143.568] GetClientRect (in: hWnd=0x150390, lpRect=0x19eaf4 | out: lpRect=0x19eaf4) returned 1 [0143.568] GetWindowRect (in: hWnd=0x150390, lpRect=0x19eaf4 | out: lpRect=0x19eaf4) returned 1 [0143.569] SetWindowLongW (hWnd=0x150390, nIndex=-8, dwNewLong=655446) returned 655446 [0143.571] SendMessageW (hWnd=0xa0056, Msg=0x80, wParam=0x1, lParam=0x50103) returned 0x0 [0143.572] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0xa0056, Msg=0x80, wParam=0x1, lParam=0x50103) returned 0x0 [0143.576] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0143.576] GetWindowLongW (hWnd=0x150390, nIndex=-16) returned 919535616 [0143.576] GetWindowTextLengthW (hWnd=0x150390) returned 3 [0143.577] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0143.577] GetSystemMetrics (nIndex=42) returned 0 [0143.577] GetWindowTextW (in: hWnd=0x150390, lpString=0x19ee14, nMaxCount=4 | out: lpString="Lol") returned 3 [0143.577] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0xd, wParam=0x4, lParam=0x19ee14) returned 0x3 [0143.577] GetWindowTextLengthW (hWnd=0x150390) returned 3 [0143.577] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0143.577] GetSystemMetrics (nIndex=42) returned 0 [0143.577] GetWindowTextW (in: hWnd=0x150390, lpString=0x19ee14, nMaxCount=4 | out: lpString="Lol") returned 3 [0143.578] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0xd, wParam=0x4, lParam=0x19ee14) returned 0x3 [0143.578] AdjustWindowRectEx (in: lpRect=0x19ee5c, dwStyle=0x12cf0000, bMenu=0, dwExStyle=0x90080 | out: lpRect=0x19ee5c) returned 1 [0143.578] GetWindowLongW (hWnd=0x150390, nIndex=-16) returned 919535616 [0143.578] GetWindowLongW (hWnd=0x150390, nIndex=-20) returned 590208 [0143.578] SetWindowLongW (hWnd=0x150390, nIndex=-16, dwNewLong=852426752) returned 919535616 [0143.579] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x7c, wParam=0xfffffff0, lParam=0x19ee64) returned 0x0 [0143.579] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x7d, wParam=0xfffffff0, lParam=0x19ee64) returned 0x0 [0143.580] SetWindowLongW (hWnd=0x150390, nIndex=-20, dwNewLong=589952) returned 590208 [0143.580] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x7c, wParam=0xffffffec, lParam=0x19ee64) returned 0x0 [0143.581] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x7d, wParam=0xffffffec, lParam=0x19ee64) returned 0x0 [0143.582] SetWindowPos (hWnd=0x150390, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0143.582] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x46, wParam=0x0, lParam=0x19ee84) returned 0x0 [0143.582] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x83, wParam=0x1, lParam=0x19ee5c) returned 0x0 [0143.584] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0143.586] GetWindowPlacement (in: hWnd=0x150390, lpwndpl=0x19ebf4 | out: lpwndpl=0x19ebf4) returned 1 [0143.586] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x47, wParam=0x0, lParam=0x19ee84) returned 0x0 [0143.586] GetClientRect (in: hWnd=0x150390, lpRect=0x19eba4 | out: lpRect=0x19eba4) returned 1 [0143.586] GetWindowRect (in: hWnd=0x150390, lpRect=0x19eba4 | out: lpRect=0x19eba4) returned 1 [0143.588] RedrawWindow (hWnd=0x150390, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0143.588] GetSystemMenu (hWnd=0x150390, bRevert=0) returned 0x701a9 [0143.589] GetWindowPlacement (in: hWnd=0x150390, lpwndpl=0x19eeb8 | out: lpwndpl=0x19eeb8) returned 1 [0143.589] EnableMenuItem (hMenu=0x701a9, uIDEnableItem=0xf020, uEnable=0x1) returned 1 [0143.589] EnableMenuItem (hMenu=0x701a9, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0143.589] EnableMenuItem (hMenu=0x701a9, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0143.589] EnableMenuItem (hMenu=0x701a9, uIDEnableItem=0xf120, uEnable=0x0) returned 0 [0143.589] EnableMenuItem (hMenu=0x701a9, uIDEnableItem=0xf000, uEnable=0x1) returned 1 [0143.589] SetParent (hWndChild=0x602a8, hWndNewParent=0x150390) returned 0x30302 [0143.590] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.592] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x46, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.594] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.594] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x47, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.594] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x3, wParam=0x0, lParam=0xffb0000c) returned 0x0 [0143.595] GetClientRect (in: hWnd=0x602a8, lpRect=0x19e61c | out: lpRect=0x19e61c) returned 1 [0143.595] GetWindowRect (in: hWnd=0x602a8, lpRect=0x19e61c | out: lpRect=0x19e61c) returned 1 [0143.595] GetParent (hWnd=0x602a8) returned 0x150390 [0143.595] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e61c, cPoints=0x2 | out: lpPoints=0x19e61c) returned -54525952 [0143.595] GetClientRect (in: hWnd=0x602a8, lpRect=0x19ec00 | out: lpRect=0x19ec00) returned 1 [0143.595] GetWindowRect (in: hWnd=0x602a8, lpRect=0x19ec00 | out: lpRect=0x19ec00) returned 1 [0143.596] GetParent (hWnd=0x602a8) returned 0x150390 [0143.596] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19ec00, cPoints=0x2 | out: lpPoints=0x19ec00) returned -54525952 [0143.596] GetParent (hWnd=0x602a8) returned 0x150390 [0143.596] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.596] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x46, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.598] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x47, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.598] GetClientRect (in: hWnd=0x602a8, lpRect=0x19ec00 | out: lpRect=0x19ec00) returned 1 [0143.598] GetWindowRect (in: hWnd=0x602a8, lpRect=0x19ec00 | out: lpRect=0x19ec00) returned 1 [0143.598] GetParent (hWnd=0x602a8) returned 0x150390 [0143.599] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19ec00, cPoints=0x2 | out: lpPoints=0x19ec00) returned -54525952 [0143.599] GetParent (hWnd=0x602a8) returned 0x150390 [0143.599] GetWindow (hWnd=0x602a8, uCmd=0x3) returned 0x0 [0143.599] GetFocus () returned 0x0 [0143.599] GetParent (hWnd=0x602a8) returned 0x150390 [0143.599] GetWindowLongW (hWnd=0x602a8, nIndex=-20) returned 0 [0143.599] DestroyWindow (hWnd=0x602a8) returned 1 [0143.600] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0143.600] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x210, wParam=0x2a80002, lParam=0x602a8) returned 0x0 [0143.600] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.600] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x46, wParam=0x0, lParam=0x19eddc) returned 0x0 [0143.603] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x47, wParam=0x0, lParam=0x19eddc) returned 0x0 [0143.603] GetClientRect (in: hWnd=0x602a8, lpRect=0x19eae0 | out: lpRect=0x19eae0) returned 1 [0143.603] GetWindowRect (in: hWnd=0x602a8, lpRect=0x19eae0 | out: lpRect=0x19eae0) returned 1 [0143.603] GetParent (hWnd=0x602a8) returned 0x150390 [0143.603] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19eae0, cPoints=0x2 | out: lpPoints=0x19eae0) returned -54525952 [0143.603] GetParent (hWnd=0x602a8) returned 0x150390 [0143.604] GetWindowTextLengthW (hWnd=0x602a8) returned 1 [0143.604] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0143.604] GetSystemMetrics (nIndex=42) returned 0 [0143.604] GetWindowTextW (in: hWnd=0x602a8, lpString=0x19ea24, nMaxCount=2 | out: lpString=".") returned 1 [0143.604] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0xd, wParam=0x2, lParam=0x19ea24) returned 0x1 [0143.604] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0143.605] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x602a8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0143.617] GetCurrentActCtx (in: lphActCtx=0x19ee8c | out: lphActCtx=0x19ee8c*=0x8a376c) returned 1 [0143.618] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0143.619] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0143.619] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r10_ad1", lpWindowName=".", dwStyle=0x5600000d, X=12, Y=-80, nWidth=0, nHeight=71, hWndParent=0x150390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x702a8 [0143.620] SetWindowLongW (hWnd=0x702a8, nIndex=-4, dwNewLong=1861937536) returned 76482910 [0143.620] GetWindowLongW (hWnd=0x702a8, nIndex=-4) returned 1861937536 [0143.621] SetWindowLongW (hWnd=0x702a8, nIndex=-4, dwNewLong=76496150) returned 1861937536 [0143.621] GetWindowLongW (hWnd=0x702a8, nIndex=-4) returned 76496150 [0143.621] GetWindowLongW (hWnd=0x702a8, nIndex=-16) returned 1174405133 [0143.621] GetWindowLongW (hWnd=0x702a8, nIndex=-12) returned 0 [0143.621] SetWindowLongW (hWnd=0x702a8, nIndex=-12, dwNewLong=459432) returned 0 [0143.623] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702a8, Msg=0x81, wParam=0x0, lParam=0x19e8b0) returned 0x1 [0143.625] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702a8, Msg=0x83, wParam=0x0, lParam=0x19e89c) returned 0x0 [0143.625] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702a8, Msg=0x1, wParam=0x0, lParam=0x19e8b0) returned 0x0 [0143.626] GetWindow (hWnd=0x702a8, uCmd=0x3) returned 0x0 [0143.626] GetClientRect (in: hWnd=0x702a8, lpRect=0x19e5a0 | out: lpRect=0x19e5a0) returned 1 [0143.626] GetWindowRect (in: hWnd=0x702a8, lpRect=0x19e5a0 | out: lpRect=0x19e5a0) returned 1 [0143.626] GetParent (hWnd=0x702a8) returned 0x150390 [0143.626] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e5a0, cPoints=0x2 | out: lpPoints=0x19e5a0) returned -54525952 [0143.627] SetWindowTextW (hWnd=0x702a8, lpString=".") returned 1 [0143.627] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702a8, Msg=0xc, wParam=0x0, lParam=0x22e9a64) returned 0x1 [0143.628] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702a8, Msg=0x5, wParam=0x0, lParam=0x470000) returned 0x0 [0143.628] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702a8, Msg=0x3, wParam=0x0, lParam=0xffb0000c) returned 0x0 [0143.628] GetClientRect (in: hWnd=0x702a8, lpRect=0x19e5f8 | out: lpRect=0x19e5f8) returned 1 [0143.629] GetWindowRect (in: hWnd=0x702a8, lpRect=0x19e5f8 | out: lpRect=0x19e5f8) returned 1 [0143.629] GetParent (hWnd=0x702a8) returned 0x150390 [0143.629] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e5f8, cPoints=0x2 | out: lpPoints=0x19e5f8) returned -54525952 [0143.629] SendMessageW (hWnd=0x702a8, Msg=0x2210, wParam=0x2a80001, lParam=0x702a8) returned 0x0 [0143.629] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702a8, Msg=0x2210, wParam=0x2a80001, lParam=0x702a8) returned 0x0 [0143.630] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702a8, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.630] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702a8, Msg=0x46, wParam=0x0, lParam=0x19e8c4) returned 0x0 [0143.632] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702a8, Msg=0x47, wParam=0x0, lParam=0x19e8c4) returned 0x0 [0143.632] GetClientRect (in: hWnd=0x702a8, lpRect=0x19e5c8 | out: lpRect=0x19e5c8) returned 1 [0143.632] GetWindowRect (in: hWnd=0x702a8, lpRect=0x19e5c8 | out: lpRect=0x19e5c8) returned 1 [0143.632] GetParent (hWnd=0x702a8) returned 0x150390 [0143.632] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e5c8, cPoints=0x2 | out: lpPoints=0x19e5c8) returned -54525952 [0143.632] GetParent (hWnd=0x702a8) returned 0x150390 [0143.633] GetParent (hWnd=0x702a8) returned 0x150390 [0143.633] SetParent (hWndChild=0x402ea, hWndNewParent=0x150390) returned 0x30302 [0143.633] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.635] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x46, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.636] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.637] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x47, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.637] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x3, wParam=0x0, lParam=0xfe87000c) returned 0x0 [0143.637] GetClientRect (in: hWnd=0x402ea, lpRect=0x19e61c | out: lpRect=0x19e61c) returned 1 [0143.638] GetWindowRect (in: hWnd=0x402ea, lpRect=0x19e61c | out: lpRect=0x19e61c) returned 1 [0143.638] GetParent (hWnd=0x402ea) returned 0x150390 [0143.638] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e61c, cPoints=0x2 | out: lpPoints=0x19e61c) returned -54525952 [0143.639] GetClientRect (in: hWnd=0x402ea, lpRect=0x19ec00 | out: lpRect=0x19ec00) returned 1 [0143.639] GetWindowRect (in: hWnd=0x402ea, lpRect=0x19ec00 | out: lpRect=0x19ec00) returned 1 [0143.639] GetParent (hWnd=0x402ea) returned 0x150390 [0143.639] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19ec00, cPoints=0x2 | out: lpPoints=0x19ec00) returned -54525952 [0143.639] GetParent (hWnd=0x402ea) returned 0x150390 [0143.639] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.640] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x46, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.642] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x47, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.642] GetClientRect (in: hWnd=0x402ea, lpRect=0x19ec00 | out: lpRect=0x19ec00) returned 1 [0143.642] GetWindowRect (in: hWnd=0x402ea, lpRect=0x19ec00 | out: lpRect=0x19ec00) returned 1 [0143.642] GetParent (hWnd=0x402ea) returned 0x150390 [0143.642] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19ec00, cPoints=0x2 | out: lpPoints=0x19ec00) returned -54525952 [0143.642] GetParent (hWnd=0x402ea) returned 0x150390 [0143.643] GetWindow (hWnd=0x402ea, uCmd=0x3) returned 0x0 [0143.643] SetWindowPos (hWnd=0x402ea, hWndInsertAfter=0x702a8, X=0, Y=0, cx=0, cy=0, uFlags=0x3) returned 1 [0143.643] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x46, wParam=0x0, lParam=0x19eea4) returned 0x0 [0143.645] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.645] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x47, wParam=0x0, lParam=0x19eea4) returned 0x0 [0143.645] GetClientRect (in: hWnd=0x402ea, lpRect=0x19eba8 | out: lpRect=0x19eba8) returned 1 [0143.645] GetWindowRect (in: hWnd=0x402ea, lpRect=0x19eba8 | out: lpRect=0x19eba8) returned 1 [0143.646] GetParent (hWnd=0x402ea) returned 0x150390 [0143.646] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19eba8, cPoints=0x2 | out: lpPoints=0x19eba8) returned -54525952 [0143.646] GetParent (hWnd=0x402ea) returned 0x150390 [0143.646] GetWindow (hWnd=0x402ea, uCmd=0x3) returned 0x702a8 [0143.646] GetFocus () returned 0x0 [0143.647] GetParent (hWnd=0x402ea) returned 0x150390 [0143.647] GetWindowLongW (hWnd=0x402ea, nIndex=-20) returned 0 [0143.647] DestroyWindow (hWnd=0x402ea) returned 1 [0143.647] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0143.647] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x210, wParam=0x2ea0002, lParam=0x402ea) returned 0x0 [0143.648] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.648] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x46, wParam=0x0, lParam=0x19eddc) returned 0x0 [0143.650] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x47, wParam=0x0, lParam=0x19eddc) returned 0x0 [0143.650] GetClientRect (in: hWnd=0x402ea, lpRect=0x19eae0 | out: lpRect=0x19eae0) returned 1 [0143.650] GetWindowRect (in: hWnd=0x402ea, lpRect=0x19eae0 | out: lpRect=0x19eae0) returned 1 [0143.650] GetParent (hWnd=0x402ea) returned 0x150390 [0143.650] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19eae0, cPoints=0x2 | out: lpPoints=0x19eae0) returned -54525952 [0143.650] GetParent (hWnd=0x402ea) returned 0x150390 [0143.651] GetWindowTextLengthW (hWnd=0x402ea) returned 32 [0143.651] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x20 [0143.651] GetSystemMetrics (nIndex=42) returned 0 [0143.651] GetWindowTextW (in: hWnd=0x402ea, lpString=0x19e9e4, nMaxCount=33 | out: lpString="In order to recover your data...") returned 32 [0143.651] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0xd, wParam=0x21, lParam=0x19e9e4) returned 0x20 [0143.651] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0143.652] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x402ea, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0143.657] GetCurrentActCtx (in: lphActCtx=0x19ee8c | out: lphActCtx=0x19ee8c*=0x8a376c) returned 1 [0143.657] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0143.658] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0143.659] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r10_ad1", lpWindowName="In order to recover your data...", dwStyle=0x5600000d, X=12, Y=-377, nWidth=0, nHeight=87, hWndParent=0x150390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x502ea [0143.659] SetWindowLongW (hWnd=0x502ea, nIndex=-4, dwNewLong=1861937536) returned 76482910 [0143.660] GetWindowLongW (hWnd=0x502ea, nIndex=-4) returned 1861937536 [0143.660] SetWindowLongW (hWnd=0x502ea, nIndex=-4, dwNewLong=76495550) returned 1861937536 [0143.661] GetWindowLongW (hWnd=0x502ea, nIndex=-4) returned 76495550 [0143.661] GetWindowLongW (hWnd=0x502ea, nIndex=-16) returned 1174405133 [0143.661] GetWindowLongW (hWnd=0x502ea, nIndex=-12) returned 0 [0143.661] SetWindowLongW (hWnd=0x502ea, nIndex=-12, dwNewLong=328426) returned 0 [0143.662] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x502ea, Msg=0x81, wParam=0x0, lParam=0x19e8b0) returned 0x1 [0143.663] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x502ea, Msg=0x83, wParam=0x0, lParam=0x19e89c) returned 0x0 [0143.663] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x502ea, Msg=0x1, wParam=0x0, lParam=0x19e8b0) returned 0x0 [0143.664] GetWindow (hWnd=0x502ea, uCmd=0x3) returned 0x702a8 [0143.665] GetClientRect (in: hWnd=0x502ea, lpRect=0x19e5a0 | out: lpRect=0x19e5a0) returned 1 [0143.665] GetWindowRect (in: hWnd=0x502ea, lpRect=0x19e5a0 | out: lpRect=0x19e5a0) returned 1 [0143.665] GetParent (hWnd=0x502ea) returned 0x150390 [0143.665] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e5a0, cPoints=0x2 | out: lpPoints=0x19e5a0) returned -54525952 [0143.667] SetWindowTextW (hWnd=0x502ea, lpString="In order to recover your data...") returned 1 [0143.667] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x502ea, Msg=0xc, wParam=0x0, lParam=0x22e9dbc) returned 0x1 [0143.668] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x502ea, Msg=0x5, wParam=0x0, lParam=0x570000) returned 0x0 [0143.668] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x502ea, Msg=0x3, wParam=0x0, lParam=0xfe87000c) returned 0x0 [0143.668] GetClientRect (in: hWnd=0x502ea, lpRect=0x19e5f8 | out: lpRect=0x19e5f8) returned 1 [0143.668] GetWindowRect (in: hWnd=0x502ea, lpRect=0x19e5f8 | out: lpRect=0x19e5f8) returned 1 [0143.669] GetParent (hWnd=0x502ea) returned 0x150390 [0143.669] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e5f8, cPoints=0x2 | out: lpPoints=0x19e5f8) returned -54525952 [0143.669] SendMessageW (hWnd=0x502ea, Msg=0x2210, wParam=0x2ea0001, lParam=0x502ea) returned 0x0 [0143.669] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x502ea, Msg=0x2210, wParam=0x2ea0001, lParam=0x502ea) returned 0x0 [0143.669] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x502ea, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.670] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x502ea, Msg=0x46, wParam=0x0, lParam=0x19e8c4) returned 0x0 [0143.672] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x502ea, Msg=0x47, wParam=0x0, lParam=0x19e8c4) returned 0x0 [0143.673] GetClientRect (in: hWnd=0x502ea, lpRect=0x19e5c8 | out: lpRect=0x19e5c8) returned 1 [0143.673] GetWindowRect (in: hWnd=0x502ea, lpRect=0x19e5c8 | out: lpRect=0x19e5c8) returned 1 [0143.673] GetParent (hWnd=0x502ea) returned 0x150390 [0143.673] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e5c8, cPoints=0x2 | out: lpPoints=0x19e5c8) returned -54525952 [0143.673] GetParent (hWnd=0x502ea) returned 0x150390 [0143.673] GetParent (hWnd=0x502ea) returned 0x150390 [0143.674] SetParent (hWndChild=0x502ce, hWndNewParent=0x150390) returned 0x30302 [0143.674] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.675] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x46, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.677] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.678] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x47, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.678] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x3, wParam=0x0, lParam=0xff83feb5) returned 0x0 [0143.678] GetClientRect (in: hWnd=0x502ce, lpRect=0x19e620 | out: lpRect=0x19e620) returned 1 [0143.679] GetWindowRect (in: hWnd=0x502ce, lpRect=0x19e620 | out: lpRect=0x19e620) returned 1 [0143.679] GetParent (hWnd=0x502ce) returned 0x150390 [0143.679] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e620, cPoints=0x2 | out: lpPoints=0x19e620) returned -54525952 [0143.679] GetClientRect (in: hWnd=0x502ce, lpRect=0x19ec14 | out: lpRect=0x19ec14) returned 1 [0143.679] GetWindowRect (in: hWnd=0x502ce, lpRect=0x19ec14 | out: lpRect=0x19ec14) returned 1 [0143.680] GetParent (hWnd=0x502ce) returned 0x150390 [0143.680] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19ec14, cPoints=0x2 | out: lpPoints=0x19ec14) returned -54525952 [0143.680] GetParent (hWnd=0x502ce) returned 0x150390 [0143.680] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.680] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x46, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.682] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x47, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.682] GetClientRect (in: hWnd=0x502ce, lpRect=0x19ec14 | out: lpRect=0x19ec14) returned 1 [0143.683] GetWindowRect (in: hWnd=0x502ce, lpRect=0x19ec14 | out: lpRect=0x19ec14) returned 1 [0143.683] GetParent (hWnd=0x502ce) returned 0x150390 [0143.683] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19ec14, cPoints=0x2 | out: lpPoints=0x19ec14) returned -54525952 [0143.683] GetParent (hWnd=0x502ce) returned 0x150390 [0143.683] GetWindow (hWnd=0x502ce, uCmd=0x3) returned 0x0 [0143.683] SetWindowPos (hWnd=0x502ce, hWndInsertAfter=0x502ea, X=0, Y=0, cx=0, cy=0, uFlags=0x3) returned 1 [0143.684] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x46, wParam=0x0, lParam=0x19eea4) returned 0x0 [0143.686] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.686] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x47, wParam=0x0, lParam=0x19eea4) returned 0x0 [0143.686] GetClientRect (in: hWnd=0x502ce, lpRect=0x19ebbc | out: lpRect=0x19ebbc) returned 1 [0143.686] GetWindowRect (in: hWnd=0x502ce, lpRect=0x19ebbc | out: lpRect=0x19ebbc) returned 1 [0143.686] GetParent (hWnd=0x502ce) returned 0x150390 [0143.686] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19ebbc, cPoints=0x2 | out: lpPoints=0x19ebbc) returned -54525952 [0143.687] GetParent (hWnd=0x502ce) returned 0x150390 [0143.687] GetWindow (hWnd=0x502ce, uCmd=0x3) returned 0x502ea [0143.687] GetFocus () returned 0x0 [0143.688] GetParent (hWnd=0x502ce) returned 0x150390 [0143.688] GetWindowLongW (hWnd=0x502ce, nIndex=-20) returned 512 [0143.688] DestroyWindow (hWnd=0x502ce) returned 1 [0143.688] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0143.688] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x210, wParam=0x2ce0002, lParam=0x502ce) returned 0x0 [0143.688] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.688] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x46, wParam=0x0, lParam=0x19eddc) returned 0x0 [0143.690] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x47, wParam=0x0, lParam=0x19eddc) returned 0x0 [0143.690] GetClientRect (in: hWnd=0x502ce, lpRect=0x19eaf4 | out: lpRect=0x19eaf4) returned 1 [0143.691] GetWindowRect (in: hWnd=0x502ce, lpRect=0x19eaf4 | out: lpRect=0x19eaf4) returned 1 [0143.691] GetParent (hWnd=0x502ce) returned 0x150390 [0143.691] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19eaf4, cPoints=0x2 | out: lpPoints=0x19eaf4) returned -54525952 [0143.691] GetParent (hWnd=0x502ce) returned 0x150390 [0143.691] SendMessageW (hWnd=0x502ce, Msg=0xb8, wParam=0x0, lParam=0x0) returned 0x0 [0143.691] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0xb8, wParam=0x0, lParam=0x0) returned 0x0 [0143.692] SendMessageW (hWnd=0x502ce, Msg=0xb0, wParam=0x22cadc8, lParam=0x19eaf4) returned 0x0 [0143.692] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0xb0, wParam=0x22cadc8, lParam=0x19eaf4) returned 0x0 [0143.693] GetWindowTextLengthW (hWnd=0x502ce) returned 33 [0143.693] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x21 [0143.693] GetSystemMetrics (nIndex=42) returned 0 [0143.693] GetWindowTextW (in: hWnd=0x502ce, lpString=0x19e9d4, nMaxCount=34 | out: lpString="friendly.cyber.criminal@gmail.com") returned 33 [0143.693] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0xd, wParam=0x22, lParam=0x19e9d4) returned 0x21 [0143.693] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x1 [0143.694] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x502ce, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0143.696] GetCurrentActCtx (in: lphActCtx=0x19ee68 | out: lphActCtx=0x19ee68*=0x8a376c) returned 1 [0143.696] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0143.697] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0143.697] CreateWindowExW (dwExStyle=0x200, lpClassName="WindowsForms10.EDIT.app.0.141b42a_r10_ad1", lpWindowName="friendly.cyber.criminal@gmail.com", dwStyle=0x560108c1, X=-333, Y=-127, nWidth=677, nHeight=44, hWndParent=0x150390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x602ce [0143.698] SetWindowLongW (hWnd=0x602ce, nIndex=-4, dwNewLong=1862320944) returned 76483030 [0143.698] GetWindowLongW (hWnd=0x602ce, nIndex=-4) returned 1862320944 [0143.699] SetWindowLongW (hWnd=0x602ce, nIndex=-4, dwNewLong=76496270) returned 1862320944 [0143.699] GetWindowLongW (hWnd=0x602ce, nIndex=-4) returned 76496270 [0143.699] GetWindowLongW (hWnd=0x602ce, nIndex=-16) returned 1174472897 [0143.699] GetWindowLongW (hWnd=0x602ce, nIndex=-12) returned 0 [0143.699] SetWindowLongW (hWnd=0x602ce, nIndex=-12, dwNewLong=393934) returned 0 [0143.700] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0x81, wParam=0x0, lParam=0x19e888) returned 0x1 [0143.702] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0x83, wParam=0x0, lParam=0x19e874) returned 0x0 [0143.702] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0x1, wParam=0x0, lParam=0x19e888) returned 0x1 [0143.704] SendMessageW (hWnd=0x602ce, Msg=0x2111, wParam=0x40002ce, lParam=0x602ce) returned 0x0 [0143.705] SendMessageW (hWnd=0x602ce, Msg=0x2111, wParam=0x30002ce, lParam=0x602ce) returned 0x0 [0143.705] SendMessageW (hWnd=0x602ce, Msg=0x2055, wParam=0x602ce, lParam=0x3) returned 0x2 [0143.706] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x0 [0143.706] GetWindow (hWnd=0x602ce, uCmd=0x3) returned 0x502ea [0143.706] GetClientRect (in: hWnd=0x602ce, lpRect=0x19e58c | out: lpRect=0x19e58c) returned 1 [0143.706] GetWindowRect (in: hWnd=0x602ce, lpRect=0x19e58c | out: lpRect=0x19e58c) returned 1 [0143.706] GetParent (hWnd=0x602ce) returned 0x150390 [0143.707] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e58c, cPoints=0x2 | out: lpPoints=0x19e58c) returned -54525952 [0143.707] SendMessageW (hWnd=0x602ce, Msg=0x30, wParam=0x6b0a0564, lParam=0x0) returned 0x1 [0143.707] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0x30, wParam=0x6b0a0564, lParam=0x0) returned 0x1 [0143.707] SendMessageW (hWnd=0x602ce, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0143.707] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0143.708] SetWindowTextW (hWnd=0x602ce, lpString="friendly.cyber.criminal@gmail.com") returned 1 [0143.708] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xc, wParam=0x0, lParam=0x22ea154) returned 0x1 [0143.708] SendMessageW (hWnd=0x602ce, Msg=0x2111, wParam=0x40002ce, lParam=0x602ce) returned 0x0 [0143.708] SendMessageW (hWnd=0x602ce, Msg=0x2111, wParam=0x30002ce, lParam=0x602ce) returned 0x0 [0143.709] GetSystemMetrics (nIndex=5) returned 1 [0143.709] GetSystemMetrics (nIndex=6) returned 1 [0143.709] SendMessageW (hWnd=0x602ce, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0143.709] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0143.710] GetWindowTextLengthW (hWnd=0x602ce) returned 33 [0143.710] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x21 [0143.710] SendMessageW (hWnd=0x602ce, Msg=0xb1, wParam=0x0, lParam=0x0) returned 0x1 [0143.710] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xb1, wParam=0x0, lParam=0x0) returned 0x1 [0143.881] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0x5, wParam=0x0, lParam=0x2802a1) returned 0x0 [0143.881] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0x3, wParam=0x0, lParam=0xff83feb5) returned 0x0 [0143.881] GetClientRect (in: hWnd=0x602ce, lpRect=0x19e5e4 | out: lpRect=0x19e5e4) returned 1 [0143.881] GetWindowRect (in: hWnd=0x602ce, lpRect=0x19e5e4 | out: lpRect=0x19e5e4) returned 1 [0143.881] GetParent (hWnd=0x602ce) returned 0x150390 [0143.882] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e5e4, cPoints=0x2 | out: lpPoints=0x19e5e4) returned -54525952 [0143.882] SendMessageW (hWnd=0x602ce, Msg=0x2210, wParam=0x2ce0001, lParam=0x602ce) returned 0x0 [0143.882] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0x2210, wParam=0x2ce0001, lParam=0x602ce) returned 0x0 [0143.882] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.883] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0x46, wParam=0x0, lParam=0x19e89c) returned 0x0 [0143.885] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0x47, wParam=0x0, lParam=0x19e89c) returned 0x0 [0143.885] GetClientRect (in: hWnd=0x602ce, lpRect=0x19e5b4 | out: lpRect=0x19e5b4) returned 1 [0143.885] GetWindowRect (in: hWnd=0x602ce, lpRect=0x19e5b4 | out: lpRect=0x19e5b4) returned 1 [0143.885] GetParent (hWnd=0x602ce) returned 0x150390 [0143.885] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e5b4, cPoints=0x2 | out: lpPoints=0x19e5b4) returned -54525952 [0143.885] GetParent (hWnd=0x602ce) returned 0x150390 [0143.886] GetParent (hWnd=0x602ce) returned 0x150390 [0143.886] SetParent (hWndChild=0xa0148, hWndNewParent=0x150390) returned 0x30302 [0143.886] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.888] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x46, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.889] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.890] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x47, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.890] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x3, wParam=0x0, lParam=0xff1afeb5) returned 0x0 [0143.890] GetClientRect (in: hWnd=0xa0148, lpRect=0x19e620 | out: lpRect=0x19e620) returned 1 [0143.890] GetWindowRect (in: hWnd=0xa0148, lpRect=0x19e620 | out: lpRect=0x19e620) returned 1 [0143.890] GetParent (hWnd=0xa0148) returned 0x150390 [0143.890] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e620, cPoints=0x2 | out: lpPoints=0x19e620) returned -54525952 [0143.891] GetClientRect (in: hWnd=0xa0148, lpRect=0x19ec14 | out: lpRect=0x19ec14) returned 1 [0143.891] GetWindowRect (in: hWnd=0xa0148, lpRect=0x19ec14 | out: lpRect=0x19ec14) returned 1 [0143.891] GetParent (hWnd=0xa0148) returned 0x150390 [0143.891] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19ec14, cPoints=0x2 | out: lpPoints=0x19ec14) returned -54525952 [0143.891] GetParent (hWnd=0xa0148) returned 0x150390 [0143.891] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.892] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x46, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.893] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x47, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.894] GetClientRect (in: hWnd=0xa0148, lpRect=0x19ec14 | out: lpRect=0x19ec14) returned 1 [0143.894] GetWindowRect (in: hWnd=0xa0148, lpRect=0x19ec14 | out: lpRect=0x19ec14) returned 1 [0143.894] GetParent (hWnd=0xa0148) returned 0x150390 [0143.894] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19ec14, cPoints=0x2 | out: lpPoints=0x19ec14) returned -54525952 [0143.894] GetParent (hWnd=0xa0148) returned 0x150390 [0143.896] GetWindow (hWnd=0xa0148, uCmd=0x3) returned 0x0 [0143.896] SetWindowPos (hWnd=0xa0148, hWndInsertAfter=0x602ce, X=0, Y=0, cx=0, cy=0, uFlags=0x3) returned 1 [0143.896] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x46, wParam=0x0, lParam=0x19eea4) returned 0x0 [0143.898] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.898] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x47, wParam=0x0, lParam=0x19eea4) returned 0x0 [0143.899] GetClientRect (in: hWnd=0xa0148, lpRect=0x19ebbc | out: lpRect=0x19ebbc) returned 1 [0143.899] GetWindowRect (in: hWnd=0xa0148, lpRect=0x19ebbc | out: lpRect=0x19ebbc) returned 1 [0143.899] GetParent (hWnd=0xa0148) returned 0x150390 [0143.899] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19ebbc, cPoints=0x2 | out: lpPoints=0x19ebbc) returned -54525952 [0143.899] GetParent (hWnd=0xa0148) returned 0x150390 [0143.899] GetWindow (hWnd=0xa0148, uCmd=0x3) returned 0x602ce [0143.899] GetFocus () returned 0x0 [0143.900] GetParent (hWnd=0xa0148) returned 0x150390 [0143.900] GetWindowLongW (hWnd=0xa0148, nIndex=-20) returned 512 [0143.900] DestroyWindow (hWnd=0xa0148) returned 1 [0143.900] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0143.901] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x150390, Msg=0x210, wParam=0x1480002, lParam=0xa0148) returned 0x0 [0143.901] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.901] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x46, wParam=0x0, lParam=0x19eddc) returned 0x0 [0143.903] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x47, wParam=0x0, lParam=0x19eddc) returned 0x0 [0143.903] GetClientRect (in: hWnd=0xa0148, lpRect=0x19eaf4 | out: lpRect=0x19eaf4) returned 1 [0143.903] GetWindowRect (in: hWnd=0xa0148, lpRect=0x19eaf4 | out: lpRect=0x19eaf4) returned 1 [0143.903] GetParent (hWnd=0xa0148) returned 0x150390 [0143.904] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19eaf4, cPoints=0x2 | out: lpPoints=0x19eaf4) returned -54525952 [0143.904] GetParent (hWnd=0xa0148) returned 0x150390 [0143.904] SendMessageW (hWnd=0xa0148, Msg=0xb8, wParam=0x0, lParam=0x0) returned 0x0 [0143.904] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0xb8, wParam=0x0, lParam=0x0) returned 0x0 [0143.905] SendMessageW (hWnd=0xa0148, Msg=0xb0, wParam=0x22ca464, lParam=0x19eaf4) returned 0x0 [0143.905] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0xb0, wParam=0x22ca464, lParam=0x19eaf4) returned 0x0 [0143.905] GetWindowTextLengthW (hWnd=0xa0148) returned 34 [0143.905] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x22 [0143.905] GetSystemMetrics (nIndex=42) returned 0 [0143.906] GetWindowTextW (in: hWnd=0xa0148, lpString=0x19e9d0, nMaxCount=35 | out: lpString="1BtUL5dhVXHwKLqSdhjyjK9Pe64Vc6CEH1") returned 34 [0143.906] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0xd, wParam=0x23, lParam=0x19e9d0) returned 0x22 [0143.906] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x1 [0143.907] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xa0148, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0143.910] GetCurrentActCtx (in: lphActCtx=0x19ee68 | out: lphActCtx=0x19ee68*=0x8a376c) returned 1 [0143.910] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0143.946] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0143.946] CreateWindowExW (dwExStyle=0x200, lpClassName="WindowsForms10.EDIT.app.0.141b42a_r10_ad1", lpWindowName="1BtUL5dhVXHwKLqSdhjyjK9Pe64Vc6CEH1", dwStyle=0x560108c1, X=-333, Y=-232, nWidth=677, nHeight=44, hWndParent=0x150390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xb0148 [0143.947] SetWindowLongW (hWnd=0xb0148, nIndex=-4, dwNewLong=1862320944) returned 76483030 [0143.947] GetWindowLongW (hWnd=0xb0148, nIndex=-4) returned 1862320944 [0143.948] SetWindowLongW (hWnd=0xb0148, nIndex=-4, dwNewLong=76495830) returned 1862320944 [0143.948] GetWindowLongW (hWnd=0xb0148, nIndex=-4) returned 76495830 [0143.948] GetWindowLongW (hWnd=0xb0148, nIndex=-16) returned 1174472897 [0143.948] GetWindowLongW (hWnd=0xb0148, nIndex=-12) returned 0 [0143.948] SetWindowLongW (hWnd=0xb0148, nIndex=-12, dwNewLong=721224) returned 0 [0143.949] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0x81, wParam=0x0, lParam=0x19e888) returned 0x1 [0143.951] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0x83, wParam=0x0, lParam=0x19e874) returned 0x0 [0143.952] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0x1, wParam=0x0, lParam=0x19e888) [0143.953] SendMessageW (hWnd=0xb0148, Msg=0x2111, wParam=0x4000148, lParam=0xb0148) returned 0x0 [0143.953] SendMessageW (hWnd=0xb0148, Msg=0x2111, wParam=0x3000148, lParam=0xb0148) returned 0x0 [0143.954] SendMessageW (hWnd=0xb0148, Msg=0x2055, wParam=0xb0148, lParam=0x3) returned 0x2 [0143.955] GetWindow (hWnd=0xb0148, uCmd=0x3) returned 0x602ce [0143.955] GetClientRect (in: hWnd=0xb0148, lpRect=0x19e58c | out: lpRect=0x19e58c) returned 1 [0143.955] GetWindowRect (in: hWnd=0xb0148, lpRect=0x19e58c | out: lpRect=0x19e58c) returned 1 [0143.955] GetParent (hWnd=0xb0148) returned 0x150390 [0143.956] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e58c, cPoints=0x2 | out: lpPoints=0x19e58c) returned -54525952 [0143.956] SendMessageW (hWnd=0xb0148, Msg=0x30, wParam=0x180a06c9, lParam=0x0) [0143.956] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0x30, wParam=0x180a06c9, lParam=0x0) returned 0x1 [0143.956] SendMessageW (hWnd=0xb0148, Msg=0xd3, wParam=0x3, lParam=0x0) [0143.956] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0xd3, wParam=0x3, lParam=0x0) returned 0x0 [0143.957] SetWindowTextW (hWnd=0xb0148, lpString="1BtUL5dhVXHwKLqSdhjyjK9Pe64Vc6CEH1") [0143.957] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0xc, wParam=0x0, lParam=0x22ea4f4) [0143.958] SendMessageW (hWnd=0xb0148, Msg=0x2111, wParam=0x4000148, lParam=0xb0148) [0143.958] GetSystemMetrics (nIndex=5) returned 1 [0143.958] GetSystemMetrics (nIndex=6) returned 1 [0143.958] SendMessageW (hWnd=0xb0148, Msg=0xc5, wParam=0x7fff, lParam=0x0) [0143.959] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0xc5, wParam=0x7fff, lParam=0x0) returned 0x1 [0143.968] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0x5, wParam=0x0, lParam=0x2802a1) returned 0x0 [0143.968] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0x3, wParam=0x0, lParam=0xff1afeb5) returned 0x0 [0143.968] GetClientRect (in: hWnd=0xb0148, lpRect=0x19e5e4 | out: lpRect=0x19e5e4) returned 1 [0143.968] GetWindowRect (in: hWnd=0xb0148, lpRect=0x19e5e4 | out: lpRect=0x19e5e4) returned 1 [0143.968] GetParent (hWnd=0xb0148) returned 0x150390 [0143.968] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e5e4, cPoints=0x2 | out: lpPoints=0x19e5e4) returned -54525952 [0143.969] SendMessageW (hWnd=0xb0148, Msg=0x2210, wParam=0x1480001, lParam=0xb0148) [0143.969] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0x2210, wParam=0x1480001, lParam=0xb0148) returned 0x0 [0143.969] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.970] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0x46, wParam=0x0, lParam=0x19e89c) returned 0x0 [0143.973] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0x47, wParam=0x0, lParam=0x19e89c) returned 0x0 [0143.973] GetClientRect (in: hWnd=0xb0148, lpRect=0x19e5b4 | out: lpRect=0x19e5b4) returned 1 [0143.973] GetWindowRect (in: hWnd=0xb0148, lpRect=0x19e5b4 | out: lpRect=0x19e5b4) returned 1 [0143.973] GetParent (hWnd=0xb0148) returned 0x150390 [0143.973] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e5b4, cPoints=0x2 | out: lpPoints=0x19e5b4) returned -54525952 [0143.973] GetParent (hWnd=0xb0148) returned 0x150390 [0143.974] GetParent (hWnd=0xb0148) returned 0x150390 [0143.974] SetParent (hWndChild=0x801ea, hWndNewParent=0x150390) [0143.974] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0143.976] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x46, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.979] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0143.979] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x47, wParam=0x0, lParam=0x19eefc) [0143.980] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x3, wParam=0x0, lParam=0xff47000c) returned 0x0 [0143.980] GetClientRect (in: hWnd=0x801ea, lpRect=0x19e61c | out: lpRect=0x19e61c) returned 1 [0143.980] GetWindowRect (in: hWnd=0x801ea, lpRect=0x19e61c | out: lpRect=0x19e61c) returned 1 [0143.980] GetParent (hWnd=0x801ea) returned 0x150390 [0143.980] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e61c, cPoints=0x2 | out: lpPoints=0x19e61c) returned -54525952 [0143.980] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19ec00, cPoints=0x2 | out: lpPoints=0x19ec00) returned -54525952 [0143.980] GetParent (hWnd=0x801ea) returned 0x150390 [0143.980] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0143.980] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x46, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.982] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x47, wParam=0x0, lParam=0x19eefc) returned 0x0 [0143.983] GetClientRect (in: hWnd=0x801ea, lpRect=0x19ec00 | out: lpRect=0x19ec00) returned 1 [0143.983] GetWindowRect (in: hWnd=0x801ea, lpRect=0x19ec00 | out: lpRect=0x19ec00) returned 1 [0143.983] GetParent (hWnd=0x801ea) returned 0x150390 [0143.983] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19ec00, cPoints=0x2 | out: lpPoints=0x19ec00) returned -54525952 [0143.983] GetParent (hWnd=0x801ea) returned 0x150390 [0143.983] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x801ea, Msg=0x46, wParam=0x0, lParam=0x19eea4) returned 0x0 [0143.986] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19eba8, cPoints=0x2 | out: lpPoints=0x19eba8) returned -54525952 [0143.986] GetParent (hWnd=0x801ea) returned 0x150390 [0143.986] GetWindow (hWnd=0x801ea, uCmd=0x3) returned 0xb0148 [0143.989] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19eae0, cPoints=0x2 | out: lpPoints=0x19eae0) returned -54525952 [0143.989] GetParent (hWnd=0x801ea) returned 0x150390 [0143.989] GetWindowTextLengthW (hWnd=0x801ea) [0143.992] GetCurrentActCtx (in: lphActCtx=0x19ee8c | out: lphActCtx=0x19ee8c*=0x8a376c) returned 1 [0143.993] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0143.994] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0143.994] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r10_ad1", lpWindowName="Next, E-mail your transaction ID to the following address:", dwStyle=0x5600000d, X=12, Y=-185, nWidth=0, nHeight=55, hWndParent=0x150390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) [0143.995] SetWindowLongW (hWnd=0x901ea, nIndex=-4, dwNewLong=1861937536) returned 76482910 [0143.995] GetWindowLongW (hWnd=0x901ea, nIndex=-4) returned 1861937536 [0143.996] SetWindowLongW (hWnd=0x901ea, nIndex=-4, dwNewLong=76495590) returned 1861937536 [0143.996] GetWindowLongW (hWnd=0x901ea, nIndex=-4) returned 76495590 [0143.997] GetWindowLongW (hWnd=0x901ea, nIndex=-16) returned 1174405133 [0143.997] GetWindowLongW (hWnd=0x901ea, nIndex=-12) returned 0 [0143.997] SetWindowLongW (hWnd=0x901ea, nIndex=-12, dwNewLong=590314) returned 0 [0144.001] SetWindowTextW (hWnd=0x901ea, lpString="Next, E-mail your transaction ID to the following address:") [0144.003] SendMessageW (hWnd=0x901ea, Msg=0x2210, wParam=0x1ea0001, lParam=0x901ea) [0144.016] GetWindowTextLengthW (hWnd=0x602f4) [0144.019] GetCurrentActCtx (in: lphActCtx=0x19ee8c | out: lphActCtx=0x19ee8c*=0x8a376c) returned 1 [0144.020] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0144.021] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0144.021] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r10_ad1", lpWindowName="Please send n Bitcoin(s) to the following BTC address:", dwStyle=0x5600000d, X=12, Y=-290, nWidth=0, nHeight=55, hWndParent=0x150390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) [0144.021] SetWindowLongW (hWnd=0x702f4, nIndex=-4, dwNewLong=1861937536) returned 76482910 [0144.021] GetWindowLongW (hWnd=0x702f4, nIndex=-4) returned 1861937536 [0144.022] SetWindowLongW (hWnd=0x702f4, nIndex=-4, dwNewLong=76495910) returned 1861937536 [0144.023] GetWindowLongW (hWnd=0x702f4, nIndex=-4) returned 76495910 [0144.023] GetWindowLongW (hWnd=0x702f4, nIndex=-16) returned 1174405133 [0144.023] GetWindowLongW (hWnd=0x702f4, nIndex=-12) returned 0 [0144.023] SetWindowLongW (hWnd=0x702f4, nIndex=-12, dwNewLong=459508) returned 0 [0144.026] SetWindowTextW (hWnd=0x702f4, lpString="Please send n Bitcoin(s) to the following BTC address:") [0144.028] SendMessageW (hWnd=0x702f4, Msg=0x2210, wParam=0x2f40001, lParam=0x702f4) [0144.046] GetCurrentActCtx (in: lphActCtx=0x19ee8c | out: lphActCtx=0x19ee8c*=0x8a376c) returned 1 [0144.046] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0144.047] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0144.047] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.STATIC.app.0.141b42a_r10_ad1", lpWindowName="Your files (count: n) have been encrypted!", dwStyle=0x5600000d, X=12, Y=-432, nWidth=0, nHeight=55, hWndParent=0x150390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) [0144.048] SetWindowLongW (hWnd=0x90048, nIndex=-4, dwNewLong=1861937536) returned 76482910 [0144.048] GetWindowLongW (hWnd=0x90048, nIndex=-4) returned 1861937536 [0144.050] SetWindowLongW (hWnd=0x90048, nIndex=-4, dwNewLong=76496310) returned 1861937536 [0144.050] GetWindowLongW (hWnd=0x90048, nIndex=-4) returned 76496310 [0144.051] GetWindowLongW (hWnd=0x90048, nIndex=-16) returned 1174405133 [0144.051] GetWindowLongW (hWnd=0x90048, nIndex=-12) returned 0 [0144.051] SetWindowLongW (hWnd=0x90048, nIndex=-12, dwNewLong=589896) returned 0 [0144.054] SetWindowTextW (hWnd=0x90048, lpString="Your files (count: n) have been encrypted!") [0144.084] GetCurrentActCtx (in: lphActCtx=0x19ee8c | out: lphActCtx=0x19ee8c*=0x8a376c) returned 1 [0144.085] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ef70000 [0144.086] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0144.086] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x56000000, X=298, Y=12, nWidth=0, nHeight=0, hWndParent=0x150390, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x402fe [0144.087] SetWindowLongW (hWnd=0x402fe, nIndex=-4, dwNewLong=1949894624) returned 76481982 [0144.087] GetWindowLongW (hWnd=0x402fe, nIndex=-4) returned 1949894624 [0144.090] SetWindowLongW (hWnd=0x402fe, nIndex=-4, dwNewLong=76496190) returned 1949894624 [0144.090] GetWindowLongW (hWnd=0x402fe, nIndex=-4) returned 76496190 [0144.090] GetWindowLongW (hWnd=0x402fe, nIndex=-16) returned 1174405120 [0144.090] GetWindowLongW (hWnd=0x402fe, nIndex=-12) returned 0 [0144.090] SetWindowLongW (hWnd=0x402fe, nIndex=-12, dwNewLong=262910) returned 0 [0144.092] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x402fe, Msg=0x81, wParam=0x0, lParam=0x19e8b0) returned 0x1 [0144.093] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x402fe, Msg=0x83, wParam=0x0, lParam=0x19e89c) returned 0x0 [0144.094] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x402fe, Msg=0x1, wParam=0x0, lParam=0x19e8b0) returned 0x0 [0144.094] GetWindow (hWnd=0x402fe, uCmd=0x3) returned 0x90048 [0144.094] GetClientRect (in: hWnd=0x402fe, lpRect=0x19e5dc | out: lpRect=0x19e5dc) returned 1 [0144.094] GetWindowRect (in: hWnd=0x402fe, lpRect=0x19e5dc | out: lpRect=0x19e5dc) returned 1 [0144.094] GetParent (hWnd=0x402fe) returned 0x150390 [0144.094] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e5dc, cPoints=0x2 | out: lpPoints=0x19e5dc) returned -54525952 [0144.096] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x402fe, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0144.096] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x402fe, Msg=0x3, wParam=0x0, lParam=0xc012a) returned 0x0 [0144.096] GetClientRect (in: hWnd=0x402fe, lpRect=0x19e634 | out: lpRect=0x19e634) returned 1 [0144.096] GetWindowRect (in: hWnd=0x402fe, lpRect=0x19e634 | out: lpRect=0x19e634) returned 1 [0144.097] GetParent (hWnd=0x402fe) returned 0x150390 [0144.097] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e634, cPoints=0x2 | out: lpPoints=0x19e634) returned -54525952 [0144.097] SendMessageW (hWnd=0x402fe, Msg=0x2210, wParam=0x2fe0001, lParam=0x402fe) returned 0x0 [0144.097] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x402fe, Msg=0x2210, wParam=0x2fe0001, lParam=0x402fe) returned 0x0 [0144.097] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x402fe, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0144.098] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x402fe, Msg=0x46, wParam=0x0, lParam=0x19e8c4) returned 0x0 [0144.100] CallWindowProcW (lpPrevWndFunc=0x743907e0, hWnd=0x402fe, Msg=0x47, wParam=0x0, lParam=0x19e8c4) returned 0x0 [0144.100] GetClientRect (in: hWnd=0x402fe, lpRect=0x19e604 | out: lpRect=0x19e604) returned 1 [0144.100] GetWindowRect (in: hWnd=0x402fe, lpRect=0x19e604 | out: lpRect=0x19e604) returned 1 [0144.100] GetParent (hWnd=0x402fe) returned 0x150390 [0144.100] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x150390, lpPoints=0x19e604, cPoints=0x2 | out: lpPoints=0x19e604) returned -54525952 [0144.100] GetParent (hWnd=0x402fe) returned 0x150390 [0144.100] GetParent (hWnd=0x402fe) returned 0x150390 [0144.100] GetParent (hWnd=0x702a8) returned 0x150390 [0144.101] GetParent (hWnd=0x502ea) returned 0x150390 [0144.101] GetParent (hWnd=0x602ce) returned 0x150390 [0144.101] GetParent (hWnd=0xb0148) returned 0x150390 [0144.101] GetParent (hWnd=0x901ea) returned 0x150390 [0144.101] GetParent (hWnd=0x702f4) returned 0x150390 [0144.101] GetParent (hWnd=0x90048) returned 0x150390 [0144.101] GetParent (hWnd=0x402fe) returned 0x150390 [0144.103] SetWindowPlacement (hWnd=0x150390, lpwndpl=0x19f028) returned 1 [0144.103] GetWindowTextLengthW (hWnd=0x702f4) returned 54 [0144.103] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702f4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x36 [0144.104] GetSystemMetrics (nIndex=42) returned 0 [0144.104] GetWindowTextW (in: hWnd=0x702f4, lpString=0x19ef2c, nMaxCount=55 | out: lpString="Please send n Bitcoin(s) to the following BTC address:") returned 54 [0144.104] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702f4, Msg=0xd, wParam=0x37, lParam=0x19ef2c) returned 0x36 [0144.105] GetWindowTextLengthW (hWnd=0x702f4) returned 54 [0144.105] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702f4, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x36 [0144.105] GetSystemMetrics (nIndex=42) returned 0 [0144.105] GetWindowTextW (in: hWnd=0x702f4, lpString=0x19ef28, nMaxCount=55 | out: lpString="Please send n Bitcoin(s) to the following BTC address:") returned 54 [0144.106] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702f4, Msg=0xd, wParam=0x37, lParam=0x19ef28) returned 0x36 [0144.106] SetWindowTextW (hWnd=0x702f4, lpString="Please send 1 Bitcoin(s) to the following BTC address:") returned 1 [0144.106] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702f4, Msg=0xc, wParam=0x0, lParam=0x22e8a84) returned 0x1 [0144.107] GetStockObject (i=5) returned 0x1900015 [0144.108] GetDlgItem (hDlg=0x150390, nIDDlgItem=459508) returned 0x702f4 [0144.109] SendMessageW (hWnd=0x702f4, Msg=0x202b, wParam=0x702f4, lParam=0x19eafc) returned 0x0 [0144.109] CallWindowProcW (lpPrevWndFunc=0x6efae980, hWnd=0x702f4, Msg=0x202b, wParam=0x702f4, lParam=0x19eafc) returned 0x0 [0144.110] InvalidateRect (hWnd=0x702f4, lpRect=0x0, bErase=1) returned 1 [0144.111] GetWindowTextLengthW (hWnd=0xb0148) returned 34 [0144.111] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x22 [0144.111] GetSystemMetrics (nIndex=42) returned 0 [0144.111] GetWindowTextW (in: hWnd=0xb0148, lpString=0x19ef54, nMaxCount=35 | out: lpString="1BtUL5dhVXHwKLqSdhjyjK9Pe64Vc6CEH1") returned 34 [0144.111] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0xb0148, Msg=0xd, wParam=0x23, lParam=0x19ef54) returned 0x22 [0144.112] GetWindowTextLengthW (hWnd=0x602ce) returned 33 [0144.112] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x21 [0144.112] GetSystemMetrics (nIndex=42) returned 0 [0144.112] GetWindowTextW (in: hWnd=0x602ce, lpString=0x19ef58, nMaxCount=34 | out: lpString="friendly.cyber.criminal@gmail.com") returned 33 [0144.112] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xd, wParam=0x22, lParam=0x19ef58) returned 0x21 [0144.112] GetWindowTextLengthW (hWnd=0x602ce) returned 33 [0144.113] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x21 [0144.113] GetSystemMetrics (nIndex=42) returned 0 [0144.113] GetWindowTextW (in: hWnd=0x602ce, lpString=0x19ef40, nMaxCount=34 | out: lpString="friendly.cyber.criminal@gmail.com") returned 33 [0144.113] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xd, wParam=0x22, lParam=0x19ef40) returned 0x21 [0144.113] GetWindowTextLengthW (hWnd=0x602ce) returned 33 [0144.113] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x21 [0144.114] GetSystemMetrics (nIndex=42) returned 0 [0144.114] GetWindowTextW (in: hWnd=0x602ce, lpString=0x19ef28, nMaxCount=34 | out: lpString="friendly.cyber.criminal@gmail.com") returned 33 [0144.114] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xd, wParam=0x22, lParam=0x19ef28) returned 0x21 [0144.114] GetWindowTextLengthW (hWnd=0x602ce) returned 33 [0144.115] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x21 [0144.115] GetSystemMetrics (nIndex=42) returned 0 [0144.115] GetWindowTextW (in: hWnd=0x602ce, lpString=0x19ef14, nMaxCount=34 | out: lpString="friendly.cyber.criminal@gmail.com") returned 33 [0144.115] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xd, wParam=0x22, lParam=0x19ef14) returned 0x21 [0144.115] SetWindowTextW (hWnd=0x602ce, lpString="this.email.address@gmail.com") returned 1 [0144.115] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xc, wParam=0x0, lParam=0x22e8b00) returned 0x1 [0144.116] SendMessageW (hWnd=0x602ce, Msg=0x2111, wParam=0x40002ce, lParam=0x602ce) returned 0x0 [0144.116] SendMessageW (hWnd=0x602ce, Msg=0x2111, wParam=0x30002ce, lParam=0x602ce) returned 0x0 [0144.117] SendMessageW (hWnd=0x602ce, Msg=0xb9, wParam=0x0, lParam=0x0) returned 0x1 [0144.117] CallWindowProcW (lpPrevWndFunc=0x6f00c330, hWnd=0x602ce, Msg=0xb9, wParam=0x0, lParam=0x0) returned 0x1 [0144.118] IsWindowVisible (hWnd=0x702f4) returned 1 [0144.159] IsWindowEnabled (hWnd=0x702f4) returned 1 [0144.160] SetFocus (hWnd=0x702f4) returned 0x0 [0144.160] GetFocus () returned 0x0 [0144.160] GetFocus () returned 0x0 [0144.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eff0) returned 1 [0144.295] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0144.392] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x19eacc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0144.414] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*", lpFindFileData=0x19ed18 | out: lpFindFileData=0x19ed18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50577a5b, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0x50577a5b, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a7270 [0144.444] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50577a5b, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0x50577a5b, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.445] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf101a410, ftCreationTime.dwHighDateTime=0x1d6fd3c, ftLastAccessTime.dwLowDateTime=0xeaca5850, ftLastAccessTime.dwHighDateTime=0x1d6fe70, ftLastWriteTime.dwLowDateTime=0xeaca5850, ftLastWriteTime.dwHighDateTime=0x1d6fe70, nFileSizeHigh=0x0, nFileSizeLow=0x1255e, dwReserved0=0x0, dwReserved1=0x0, cFileName="29g_baTP7KEHQ7Ea.flv", cAlternateFileName="29G_BA~1.FLV")) returned 1 [0144.447] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18cca740, ftCreationTime.dwHighDateTime=0x1d6fe5c, ftLastAccessTime.dwLowDateTime=0x2babf870, ftLastAccessTime.dwHighDateTime=0x1d70370, ftLastWriteTime.dwLowDateTime=0x2babf870, ftLastWriteTime.dwHighDateTime=0x1d70370, nFileSizeHigh=0x0, nFileSizeLow=0xa5ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="32wEhmM49-3-4u.mp3", cAlternateFileName="32WEHM~1.MP3")) returned 1 [0144.448] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56e92b10, ftCreationTime.dwHighDateTime=0x1d70236, ftLastAccessTime.dwLowDateTime=0xa5659b50, ftLastAccessTime.dwHighDateTime=0x1d70a2b, ftLastWriteTime.dwLowDateTime=0xa5659b50, ftLastWriteTime.dwHighDateTime=0x1d70a2b, nFileSizeHigh=0x0, nFileSizeLow=0xbdf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3vkfe1aMIgx2zhSpBLmx.xls", cAlternateFileName="3VKFE1~1.XLS")) returned 1 [0144.448] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78105d90, ftCreationTime.dwHighDateTime=0x1d6fc50, ftLastAccessTime.dwLowDateTime=0x3e74eac0, ftLastAccessTime.dwHighDateTime=0x1d7040b, ftLastWriteTime.dwLowDateTime=0x3e74eac0, ftLastWriteTime.dwHighDateTime=0x1d7040b, nFileSizeHigh=0x0, nFileSizeLow=0x106ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="4H7Dw8rK.m4a", cAlternateFileName="")) returned 1 [0144.448] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ecdcf40, ftCreationTime.dwHighDateTime=0x1d7069a, ftLastAccessTime.dwLowDateTime=0x21e120b0, ftLastAccessTime.dwHighDateTime=0x1d709bd, ftLastWriteTime.dwLowDateTime=0x21e120b0, ftLastWriteTime.dwHighDateTime=0x1d709bd, nFileSizeHigh=0x0, nFileSizeLow=0xd42f, dwReserved0=0x0, dwReserved1=0x0, cFileName="6IKEg23J8Cgwjafy8.mp3", cAlternateFileName="6IKEG2~1.MP3")) returned 1 [0144.449] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d592170, ftCreationTime.dwHighDateTime=0x1d70063, ftLastAccessTime.dwLowDateTime=0xe7de4660, ftLastAccessTime.dwHighDateTime=0x1d7063b, ftLastWriteTime.dwLowDateTime=0xe7de4660, ftLastWriteTime.dwHighDateTime=0x1d7063b, nFileSizeHigh=0x0, nFileSizeLow=0xd73, dwReserved0=0x0, dwReserved1=0x0, cFileName="ByAFUAxIt0mt9ks.rtf", cAlternateFileName="BYAFUA~1.RTF")) returned 1 [0144.449] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2831adc0, ftCreationTime.dwHighDateTime=0x1d70a1e, ftLastAccessTime.dwLowDateTime=0x73b0c580, ftLastAccessTime.dwHighDateTime=0x1d70a5d, ftLastWriteTime.dwLowDateTime=0x73b0c580, ftLastWriteTime.dwHighDateTime=0x1d70a5d, nFileSizeHigh=0x0, nFileSizeLow=0x64dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="cRVfQf RsMZIE.mkv", cAlternateFileName="CRVFQF~1.MKV")) returned 1 [0144.449] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0144.450] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6720480, ftCreationTime.dwHighDateTime=0x1d70a39, ftLastAccessTime.dwLowDateTime=0xd0e9f050, ftLastAccessTime.dwHighDateTime=0x1d70a76, ftLastWriteTime.dwLowDateTime=0xd0e9f050, ftLastWriteTime.dwHighDateTime=0x1d70a76, nFileSizeHigh=0x0, nFileSizeLow=0x6fbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="DOGQAg6cAT1rQ.jpg", cAlternateFileName="DOGQAG~1.JPG")) returned 1 [0144.450] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7afe4500, ftCreationTime.dwHighDateTime=0x1d6fedd, ftLastAccessTime.dwLowDateTime=0x2c5f9f50, ftLastAccessTime.dwHighDateTime=0x1d70655, ftLastWriteTime.dwLowDateTime=0x2c5f9f50, ftLastWriteTime.dwHighDateTime=0x1d70655, nFileSizeHigh=0x0, nFileSizeLow=0x16bb9, dwReserved0=0x0, dwReserved1=0x0, cFileName="E5TWmF3WT.png", cAlternateFileName="E5TWMF~1.PNG")) returned 1 [0144.450] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdf9fac0, ftCreationTime.dwHighDateTime=0x1d6fbe1, ftLastAccessTime.dwLowDateTime=0xfd499690, ftLastAccessTime.dwHighDateTime=0x1d709c3, ftLastWriteTime.dwLowDateTime=0xfd499690, ftLastWriteTime.dwHighDateTime=0x1d709c3, nFileSizeHigh=0x0, nFileSizeLow=0x4696, dwReserved0=0x0, dwReserved1=0x0, cFileName="ehl9xf1c5iczi.gif", cAlternateFileName="EHL9XF~1.GIF")) returned 1 [0144.450] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x134197b0, ftCreationTime.dwHighDateTime=0x1d7048b, ftLastAccessTime.dwLowDateTime=0x2427c630, ftLastAccessTime.dwHighDateTime=0x1d705a8, ftLastWriteTime.dwLowDateTime=0x2427c630, ftLastWriteTime.dwHighDateTime=0x1d705a8, nFileSizeHigh=0x0, nFileSizeLow=0x3a4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eSnQZAd3O3h2-YvUE.wav", cAlternateFileName="ESNQZA~1.WAV")) returned 1 [0144.451] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c8a9f10, ftCreationTime.dwHighDateTime=0x1d6febc, ftLastAccessTime.dwLowDateTime=0xcc928600, ftLastAccessTime.dwHighDateTime=0x1d70866, ftLastWriteTime.dwLowDateTime=0xcc928600, ftLastWriteTime.dwHighDateTime=0x1d70866, nFileSizeHigh=0x0, nFileSizeLow=0xc111, dwReserved0=0x0, dwReserved1=0x0, cFileName="h_yu.odt", cAlternateFileName="")) returned 1 [0144.451] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d2d62a0, ftCreationTime.dwHighDateTime=0x1d7029d, ftLastAccessTime.dwLowDateTime=0x441107f0, ftLastAccessTime.dwHighDateTime=0x1d70a2a, ftLastWriteTime.dwLowDateTime=0x441107f0, ftLastWriteTime.dwHighDateTime=0x1d70a2a, nFileSizeHigh=0x0, nFileSizeLow=0x895c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ItM2LhWvoIdX.gif", cAlternateFileName="ITM2LH~1.GIF")) returned 1 [0144.451] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8911f7b0, ftCreationTime.dwHighDateTime=0x1d6fe3b, ftLastAccessTime.dwLowDateTime=0x5983e5b0, ftLastAccessTime.dwHighDateTime=0x1d6ff6e, ftLastWriteTime.dwLowDateTime=0x5983e5b0, ftLastWriteTime.dwHighDateTime=0x1d6ff6e, nFileSizeHigh=0x0, nFileSizeLow=0x61d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="IWg3C.swf", cAlternateFileName="")) returned 1 [0144.452] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeec65610, ftCreationTime.dwHighDateTime=0x1d704bb, ftLastAccessTime.dwLowDateTime=0xe646910, ftLastAccessTime.dwHighDateTime=0x1d70801, ftLastWriteTime.dwLowDateTime=0xe646910, ftLastWriteTime.dwHighDateTime=0x1d70801, nFileSizeHigh=0x0, nFileSizeLow=0x159b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="kENL.swf", cAlternateFileName="")) returned 1 [0144.452] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac5dcc50, ftCreationTime.dwHighDateTime=0x1d6fe52, ftLastAccessTime.dwLowDateTime=0xc561db0, ftLastAccessTime.dwHighDateTime=0x1d7037b, ftLastWriteTime.dwLowDateTime=0xc561db0, ftLastWriteTime.dwHighDateTime=0x1d7037b, nFileSizeHigh=0x0, nFileSizeLow=0x179c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="lh2msU.png", cAlternateFileName="")) returned 1 [0144.453] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a1a7370, ftCreationTime.dwHighDateTime=0x1d703cd, ftLastAccessTime.dwLowDateTime=0x8346b870, ftLastAccessTime.dwHighDateTime=0x1d70868, ftLastWriteTime.dwLowDateTime=0x8346b870, ftLastWriteTime.dwHighDateTime=0x1d70868, nFileSizeHigh=0x0, nFileSizeLow=0xdb50, dwReserved0=0x0, dwReserved1=0x0, cFileName="NqUxb8BqNUsRq.gif", cAlternateFileName="NQUXB8~1.GIF")) returned 1 [0144.453] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33447930, ftCreationTime.dwHighDateTime=0x1d7088f, ftLastAccessTime.dwLowDateTime=0xae1aa590, ftLastAccessTime.dwHighDateTime=0x1d70929, ftLastWriteTime.dwLowDateTime=0xae1aa590, ftLastWriteTime.dwHighDateTime=0x1d70929, nFileSizeHigh=0x0, nFileSizeLow=0x79ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="O7nNQUR.xlsx", cAlternateFileName="O7NNQU~1.XLS")) returned 1 [0144.453] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd79e9dd0, ftCreationTime.dwHighDateTime=0x1d6fddb, ftLastAccessTime.dwLowDateTime=0x4934cac0, ftLastAccessTime.dwHighDateTime=0x1d7094c, ftLastWriteTime.dwLowDateTime=0x4934cac0, ftLastWriteTime.dwHighDateTime=0x1d7094c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OQ4qXRvS", cAlternateFileName="")) returned 1 [0144.454] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2852e000, ftCreationTime.dwHighDateTime=0x1d7033c, ftLastAccessTime.dwLowDateTime=0x88517390, ftLastAccessTime.dwHighDateTime=0x1d70a80, ftLastWriteTime.dwLowDateTime=0x88517390, ftLastWriteTime.dwHighDateTime=0x1d70a80, nFileSizeHigh=0x0, nFileSizeLow=0xbf8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q7pVVdbXxo.png", cAlternateFileName="Q7PVVD~1.PNG")) returned 1 [0144.454] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23550120, ftCreationTime.dwHighDateTime=0x1d6fbc9, ftLastAccessTime.dwLowDateTime=0xcc0c6150, ftLastAccessTime.dwHighDateTime=0x1d700ab, ftLastWriteTime.dwLowDateTime=0xcc0c6150, ftLastWriteTime.dwHighDateTime=0x1d700ab, nFileSizeHigh=0x0, nFileSizeLow=0xfcea, dwReserved0=0x0, dwReserved1=0x0, cFileName="t6XN8ja3HMuFowM.flv", cAlternateFileName="T6XN8J~1.FLV")) returned 1 [0144.454] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6fa4760, ftCreationTime.dwHighDateTime=0x1d701fb, ftLastAccessTime.dwLowDateTime=0xda2fa60, ftLastAccessTime.dwHighDateTime=0x1d70a5d, ftLastWriteTime.dwLowDateTime=0xda2fa60, ftLastWriteTime.dwHighDateTime=0x1d70a5d, nFileSizeHigh=0x0, nFileSizeLow=0x17a2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="UmtbxbsKtyZHLBBT.docx", cAlternateFileName="UMTBXB~1.DOC")) returned 1 [0144.455] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x241b5d80, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0x24b3f400, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb7449b00, ftLastWriteTime.dwHighDateTime=0x1d72d71, nFileSizeHigh=0x0, nFileSizeLow=0x14be00, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsFormsApp1.exe", cAlternateFileName="WINDOW~1.EXE")) returned 1 [0144.455] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.456] FindClose (in: hFindFile=0x8a7270 | out: hFindFile=0x8a7270) returned 1 [0144.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efb0) returned 1 [0144.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efbc) returned 1 [0144.461] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0146.185] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\29g_baTP7KEHQ7Ea.flv.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\29g_baTP7KEHQ7Ea.flv.crypted", lpFilePart=0x0) returned 0x3a [0146.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0146.187] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\29g_baTP7KEHQ7Ea.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\29g_batp7kehq7ea.flv.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0146.193] GetFileType (hFile=0x358) returned 0x1 [0146.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0146.194] GetFileType (hFile=0x358) returned 0x1 [0146.259] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19efe0 | out: pfEnabled=0x19efe0) returned 0x0 [0149.640] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\29g_baTP7KEHQ7Ea.flv", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\29g_baTP7KEHQ7Ea.flv", lpFilePart=0x0) returned 0x32 [0149.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0149.640] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\29g_baTP7KEHQ7Ea.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\29g_batp7kehq7ea.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0149.641] GetFileType (hFile=0x384) returned 0x1 [0149.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0149.641] GetFileType (hFile=0x384) returned 0x1 [0149.645] ReadFile (in: hFile=0x384, lpBuffer=0x35575e0, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x35575e0*, lpNumberOfBytesRead=0x19efa8*=0x1255e, lpOverlapped=0x0) returned 1 [0149.896] WriteFile (in: hFile=0x358, lpBuffer=0x23e0e2c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23e0e2c*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0149.898] WriteFile (in: hFile=0x358, lpBuffer=0x23e753c*, nNumberOfBytesToWrite=0x11570, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23e753c*, lpNumberOfBytesWritten=0x19ef80*=0x11570, lpOverlapped=0x0) returned 1 [0149.900] ReadFile (in: hFile=0x384, lpBuffer=0x35575e0, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x35575e0*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0149.901] CloseHandle (hObject=0x384) returned 1 [0149.902] WriteFile (in: hFile=0x358, lpBuffer=0x23e0e2c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23e0e2c*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0149.902] CloseHandle (hObject=0x358) returned 1 [0149.908] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\29g_baTP7KEHQ7Ea.flv", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\29g_baTP7KEHQ7Ea.flv", lpFilePart=0x0) returned 0x32 [0149.909] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\29g_baTP7KEHQ7Ea.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\29g_batp7kehq7ea.flv")) returned 1 [0149.920] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\32wEhmM49-3-4u.mp3.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\32wEhmM49-3-4u.mp3.crypted", lpFilePart=0x0) returned 0x38 [0149.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0149.921] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\32wEhmM49-3-4u.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\32wehmm49-3-4u.mp3.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0149.921] GetFileType (hFile=0x358) returned 0x1 [0149.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0149.922] GetFileType (hFile=0x358) returned 0x1 [0152.583] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\32wEhmM49-3-4u.mp3", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\32wEhmM49-3-4u.mp3", lpFilePart=0x0) returned 0x30 [0152.583] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0152.583] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\32wEhmM49-3-4u.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\32wehmm49-3-4u.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0152.584] GetFileType (hFile=0x384) returned 0x1 [0152.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0152.584] GetFileType (hFile=0x384) returned 0x1 [0152.588] ReadFile (in: hFile=0x384, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0xa5ed, lpOverlapped=0x0) returned 1 [0152.605] WriteFile (in: hFile=0x358, lpBuffer=0x22ddf24*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x22ddf24*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0152.607] WriteFile (in: hFile=0x358, lpBuffer=0x22e046c*, nNumberOfBytesToWrite=0x9600, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x22e046c*, lpNumberOfBytesWritten=0x19ef80*=0x9600, lpOverlapped=0x0) returned 1 [0152.609] ReadFile (in: hFile=0x384, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0152.609] CloseHandle (hObject=0x384) returned 1 [0152.610] WriteFile (in: hFile=0x358, lpBuffer=0x22ddf24*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x22ddf24*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0152.610] CloseHandle (hObject=0x358) returned 1 [0152.628] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\32wEhmM49-3-4u.mp3", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\32wEhmM49-3-4u.mp3", lpFilePart=0x0) returned 0x30 [0152.628] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\32wEhmM49-3-4u.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\32wehmm49-3-4u.mp3")) returned 1 [0152.643] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3vkfe1aMIgx2zhSpBLmx.xls.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3vkfe1aMIgx2zhSpBLmx.xls.crypted", lpFilePart=0x0) returned 0x3e [0152.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0152.643] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3vkfe1aMIgx2zhSpBLmx.xls.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3vkfe1amigx2zhspblmx.xls.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0152.646] GetFileType (hFile=0x358) returned 0x1 [0152.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0152.646] GetFileType (hFile=0x358) returned 0x1 [0153.008] GetTickCount () returned 0x1724dba [0154.735] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3vkfe1aMIgx2zhSpBLmx.xls", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3vkfe1aMIgx2zhSpBLmx.xls", lpFilePart=0x0) returned 0x36 [0154.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0154.735] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3vkfe1aMIgx2zhSpBLmx.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3vkfe1amigx2zhspblmx.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0154.736] GetFileType (hFile=0x384) returned 0x1 [0154.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0154.736] GetFileType (hFile=0x384) returned 0x1 [0154.740] ReadFile (in: hFile=0x384, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0xbdf0, lpOverlapped=0x0) returned 1 [0154.758] WriteFile (in: hFile=0x358, lpBuffer=0x23cc41c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23cc41c*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0154.760] WriteFile (in: hFile=0x358, lpBuffer=0x23ce97c*, nNumberOfBytesToWrite=0xae10, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23ce97c*, lpNumberOfBytesWritten=0x19ef80*=0xae10, lpOverlapped=0x0) returned 1 [0154.761] ReadFile (in: hFile=0x384, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0154.761] CloseHandle (hObject=0x384) returned 1 [0154.762] WriteFile (in: hFile=0x358, lpBuffer=0x23cc41c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23cc41c*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0154.762] CloseHandle (hObject=0x358) returned 1 [0154.766] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3vkfe1aMIgx2zhSpBLmx.xls", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3vkfe1aMIgx2zhSpBLmx.xls", lpFilePart=0x0) returned 0x36 [0154.766] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3vkfe1aMIgx2zhSpBLmx.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3vkfe1amigx2zhspblmx.xls")) returned 1 [0154.781] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\4H7Dw8rK.m4a.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\4H7Dw8rK.m4a.crypted", lpFilePart=0x0) returned 0x32 [0154.782] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0154.782] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\4H7Dw8rK.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\4h7dw8rk.m4a.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0154.785] GetFileType (hFile=0x358) returned 0x1 [0154.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0154.786] GetFileType (hFile=0x358) returned 0x1 [0156.720] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\4H7Dw8rK.m4a", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\4H7Dw8rK.m4a", lpFilePart=0x0) returned 0x2a [0156.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0156.720] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\4H7Dw8rK.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\4h7dw8rk.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0156.720] GetFileType (hFile=0x384) returned 0x1 [0156.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0156.721] GetFileType (hFile=0x384) returned 0x1 [0156.726] ReadFile (in: hFile=0x384, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x106ae, lpOverlapped=0x0) returned 1 [0156.747] WriteFile (in: hFile=0x358, lpBuffer=0x24bc1b4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24bc1b4*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0156.749] WriteFile (in: hFile=0x358, lpBuffer=0x24be6e4*, nNumberOfBytesToWrite=0xf6c0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24be6e4*, lpNumberOfBytesWritten=0x19ef80*=0xf6c0, lpOverlapped=0x0) returned 1 [0156.751] ReadFile (in: hFile=0x384, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0156.751] CloseHandle (hObject=0x384) returned 1 [0156.752] WriteFile (in: hFile=0x358, lpBuffer=0x24bc1b4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x24bc1b4*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0156.752] CloseHandle (hObject=0x358) returned 1 [0156.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\4H7Dw8rK.m4a", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\4H7Dw8rK.m4a", lpFilePart=0x0) returned 0x2a [0156.758] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\4H7Dw8rK.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\4h7dw8rk.m4a")) returned 1 [0156.766] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6IKEg23J8Cgwjafy8.mp3.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6IKEg23J8Cgwjafy8.mp3.crypted", lpFilePart=0x0) returned 0x3b [0156.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0156.767] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6IKEg23J8Cgwjafy8.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6ikeg23j8cgwjafy8.mp3.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0156.769] GetFileType (hFile=0x358) returned 0x1 [0156.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0156.769] GetFileType (hFile=0x358) returned 0x1 [0159.271] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6IKEg23J8Cgwjafy8.mp3", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6IKEg23J8Cgwjafy8.mp3", lpFilePart=0x0) returned 0x33 [0159.271] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0159.272] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6IKEg23J8Cgwjafy8.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6ikeg23j8cgwjafy8.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0159.275] GetFileType (hFile=0x394) returned 0x1 [0159.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0159.276] GetFileType (hFile=0x394) returned 0x1 [0159.282] ReadFile (in: hFile=0x394, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0xd42f, lpOverlapped=0x0) returned 1 [0159.300] WriteFile (in: hFile=0x358, lpBuffer=0x23b1960*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23b1960*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0159.356] WriteFile (in: hFile=0x358, lpBuffer=0x23b3eb0*, nNumberOfBytesToWrite=0xc440, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23b3eb0*, lpNumberOfBytesWritten=0x19ef80*=0xc440, lpOverlapped=0x0) returned 1 [0159.358] ReadFile (in: hFile=0x394, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0159.360] CloseHandle (hObject=0x394) returned 1 [0159.360] WriteFile (in: hFile=0x358, lpBuffer=0x23b1960*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23b1960*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0159.361] CloseHandle (hObject=0x358) returned 1 [0159.391] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6IKEg23J8Cgwjafy8.mp3", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6IKEg23J8Cgwjafy8.mp3", lpFilePart=0x0) returned 0x33 [0159.392] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\6IKEg23J8Cgwjafy8.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\6ikeg23j8cgwjafy8.mp3")) returned 1 [0159.408] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ByAFUAxIt0mt9ks.rtf.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ByAFUAxIt0mt9ks.rtf.crypted", lpFilePart=0x0) returned 0x39 [0159.408] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0159.409] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ByAFUAxIt0mt9ks.rtf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\byafuaxit0mt9ks.rtf.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0159.414] GetFileType (hFile=0x358) returned 0x1 [0159.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0159.415] GetFileType (hFile=0x358) returned 0x1 [0161.346] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ByAFUAxIt0mt9ks.rtf", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ByAFUAxIt0mt9ks.rtf", lpFilePart=0x0) returned 0x31 [0161.346] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0161.347] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ByAFUAxIt0mt9ks.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\byafuaxit0mt9ks.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0161.349] GetFileType (hFile=0x394) returned 0x1 [0161.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0161.350] GetFileType (hFile=0x394) returned 0x1 [0161.355] ReadFile (in: hFile=0x394, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0xd73, lpOverlapped=0x0) returned 1 [0161.390] ReadFile (in: hFile=0x394, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0161.390] CloseHandle (hObject=0x394) returned 1 [0161.391] WriteFile (in: hFile=0x358, lpBuffer=0x24a1530*, nNumberOfBytesToWrite=0xda0, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x24a1530*, lpNumberOfBytesWritten=0x19ef58*=0xda0, lpOverlapped=0x0) returned 1 [0161.393] CloseHandle (hObject=0x358) returned 1 [0161.399] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ByAFUAxIt0mt9ks.rtf", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ByAFUAxIt0mt9ks.rtf", lpFilePart=0x0) returned 0x31 [0161.399] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ByAFUAxIt0mt9ks.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\byafuaxit0mt9ks.rtf")) returned 1 [0161.462] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\cRVfQf RsMZIE.mkv.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\cRVfQf RsMZIE.mkv.crypted", lpFilePart=0x0) returned 0x37 [0161.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0161.463] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\cRVfQf RsMZIE.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\crvfqf rsmzie.mkv.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0161.468] GetFileType (hFile=0x358) returned 0x1 [0161.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0161.468] GetFileType (hFile=0x358) returned 0x1 [0163.332] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\cRVfQf RsMZIE.mkv", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\cRVfQf RsMZIE.mkv", lpFilePart=0x0) returned 0x2f [0163.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0163.332] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\cRVfQf RsMZIE.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\crvfqf rsmzie.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0163.333] GetFileType (hFile=0x394) returned 0x1 [0163.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0163.333] GetFileType (hFile=0x394) returned 0x1 [0163.347] ReadFile (in: hFile=0x394, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x64dc, lpOverlapped=0x0) returned 1 [0163.362] WriteFile (in: hFile=0x358, lpBuffer=0x2384a64*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2384a64*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0163.364] WriteFile (in: hFile=0x358, lpBuffer=0x2386fa4*, nNumberOfBytesToWrite=0x54f0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2386fa4*, lpNumberOfBytesWritten=0x19ef80*=0x54f0, lpOverlapped=0x0) returned 1 [0163.365] ReadFile (in: hFile=0x394, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0163.365] CloseHandle (hObject=0x394) returned 1 [0163.365] WriteFile (in: hFile=0x358, lpBuffer=0x2384a64*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2384a64*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0163.365] CloseHandle (hObject=0x358) returned 1 [0163.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\cRVfQf RsMZIE.mkv", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\cRVfQf RsMZIE.mkv", lpFilePart=0x0) returned 0x2f [0163.383] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\cRVfQf RsMZIE.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\crvfqf rsmzie.mkv")) returned 1 [0163.402] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini.crypted", lpFilePart=0x0) returned 0x31 [0163.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0163.402] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\desktop.ini.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0163.406] GetFileType (hFile=0x358) returned 0x1 [0163.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0163.406] GetFileType (hFile=0x358) returned 0x1 [0164.849] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x29 [0164.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0164.849] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0164.849] GetFileType (hFile=0x394) returned 0x1 [0164.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0164.849] GetFileType (hFile=0x394) returned 0x1 [0164.852] ReadFile (in: hFile=0x394, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x11a, lpOverlapped=0x0) returned 1 [0164.862] ReadFile (in: hFile=0x394, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0164.862] CloseHandle (hObject=0x394) returned 1 [0164.862] WriteFile (in: hFile=0x358, lpBuffer=0x2470dc4*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2470dc4*, lpNumberOfBytesWritten=0x19ef58*=0x140, lpOverlapped=0x0) returned 1 [0164.863] CloseHandle (hObject=0x358) returned 1 [0165.560] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x29 [0165.560] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\desktop.ini")) returned 1 [0165.569] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\DOGQAg6cAT1rQ.jpg.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\DOGQAg6cAT1rQ.jpg.crypted", lpFilePart=0x0) returned 0x37 [0165.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0165.569] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\DOGQAg6cAT1rQ.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\dogqag6cat1rq.jpg.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0165.571] GetFileType (hFile=0x358) returned 0x1 [0165.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0165.571] GetFileType (hFile=0x358) returned 0x1 [0167.123] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\DOGQAg6cAT1rQ.jpg", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\DOGQAg6cAT1rQ.jpg", lpFilePart=0x0) returned 0x2f [0167.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0167.124] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\DOGQAg6cAT1rQ.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\dogqag6cat1rq.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0167.125] GetFileType (hFile=0x394) returned 0x1 [0167.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0167.125] GetFileType (hFile=0x394) returned 0x1 [0167.129] ReadFile (in: hFile=0x394, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x6fbf, lpOverlapped=0x0) returned 1 [0167.166] WriteFile (in: hFile=0x358, lpBuffer=0x235371c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x235371c*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0167.169] WriteFile (in: hFile=0x358, lpBuffer=0x2355c5c*, nNumberOfBytesToWrite=0x5fd0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2355c5c*, lpNumberOfBytesWritten=0x19ef80*=0x5fd0, lpOverlapped=0x0) returned 1 [0167.170] ReadFile (in: hFile=0x394, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0167.170] CloseHandle (hObject=0x394) returned 1 [0167.170] WriteFile (in: hFile=0x358, lpBuffer=0x235371c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x235371c*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0167.170] CloseHandle (hObject=0x358) returned 1 [0167.178] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\DOGQAg6cAT1rQ.jpg", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\DOGQAg6cAT1rQ.jpg", lpFilePart=0x0) returned 0x2f [0167.179] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\DOGQAg6cAT1rQ.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\dogqag6cat1rq.jpg")) returned 1 [0167.187] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\E5TWmF3WT.png.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\E5TWmF3WT.png.crypted", lpFilePart=0x0) returned 0x33 [0167.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0167.188] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\E5TWmF3WT.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e5twmf3wt.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0167.191] GetFileType (hFile=0x358) returned 0x1 [0167.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0167.192] GetFileType (hFile=0x358) returned 0x1 [0168.858] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\E5TWmF3WT.png", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\E5TWmF3WT.png", lpFilePart=0x0) returned 0x2b [0168.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0168.858] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\E5TWmF3WT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e5twmf3wt.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0168.859] GetFileType (hFile=0x394) returned 0x1 [0168.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0168.859] GetFileType (hFile=0x394) returned 0x1 [0168.864] ReadFile (in: hFile=0x394, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x16bb9, lpOverlapped=0x0) returned 1 [0168.953] WriteFile (in: hFile=0x358, lpBuffer=0x243cf64*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x243cf64*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0168.955] WriteFile (in: hFile=0x358, lpBuffer=0x3411528*, nNumberOfBytesToWrite=0x15bd0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x3411528*, lpNumberOfBytesWritten=0x19ef80*=0x15bd0, lpOverlapped=0x0) returned 1 [0168.958] ReadFile (in: hFile=0x394, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0168.962] CloseHandle (hObject=0x394) returned 1 [0168.963] WriteFile (in: hFile=0x358, lpBuffer=0x243cf64*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x243cf64*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0168.964] CloseHandle (hObject=0x358) returned 1 [0168.977] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\E5TWmF3WT.png", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\E5TWmF3WT.png", lpFilePart=0x0) returned 0x2b [0168.977] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\E5TWmF3WT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e5twmf3wt.png")) returned 1 [0168.992] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ehl9xf1c5iczi.gif.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ehl9xf1c5iczi.gif.crypted", lpFilePart=0x0) returned 0x37 [0168.992] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0168.992] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ehl9xf1c5iczi.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ehl9xf1c5iczi.gif.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0168.996] GetFileType (hFile=0x358) returned 0x1 [0168.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0168.996] GetFileType (hFile=0x358) returned 0x1 [0172.486] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ehl9xf1c5iczi.gif", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ehl9xf1c5iczi.gif", lpFilePart=0x0) returned 0x2f [0172.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0172.486] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ehl9xf1c5iczi.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ehl9xf1c5iczi.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0172.487] GetFileType (hFile=0x394) returned 0x1 [0172.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0172.487] GetFileType (hFile=0x394) returned 0x1 [0172.493] ReadFile (in: hFile=0x394, lpBuffer=0x3427118, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3427118*, lpNumberOfBytesRead=0x19efa8*=0x4696, lpOverlapped=0x0) returned 1 [0172.495] WriteFile (in: hFile=0x358, lpBuffer=0x232138c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x232138c*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0172.497] WriteFile (in: hFile=0x358, lpBuffer=0x23238cc*, nNumberOfBytesToWrite=0x36b0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23238cc*, lpNumberOfBytesWritten=0x19ef80*=0x36b0, lpOverlapped=0x0) returned 1 [0172.498] ReadFile (in: hFile=0x394, lpBuffer=0x3427118, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3427118*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0172.498] CloseHandle (hObject=0x394) returned 1 [0172.499] WriteFile (in: hFile=0x358, lpBuffer=0x232138c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x232138c*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0172.499] CloseHandle (hObject=0x358) returned 1 [0172.505] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ehl9xf1c5iczi.gif", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ehl9xf1c5iczi.gif", lpFilePart=0x0) returned 0x2f [0172.505] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ehl9xf1c5iczi.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ehl9xf1c5iczi.gif")) returned 1 [0172.528] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\eSnQZAd3O3h2-YvUE.wav.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\eSnQZAd3O3h2-YvUE.wav.crypted", lpFilePart=0x0) returned 0x3b [0172.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0172.528] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\eSnQZAd3O3h2-YvUE.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\esnqzad3o3h2-yvue.wav.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0172.542] GetFileType (hFile=0x358) returned 0x1 [0172.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0172.542] GetFileType (hFile=0x358) returned 0x1 [0174.153] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\eSnQZAd3O3h2-YvUE.wav", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\eSnQZAd3O3h2-YvUE.wav", lpFilePart=0x0) returned 0x33 [0174.153] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0174.153] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\eSnQZAd3O3h2-YvUE.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\esnqzad3o3h2-yvue.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0174.154] GetFileType (hFile=0x394) returned 0x1 [0174.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0174.154] GetFileType (hFile=0x394) returned 0x1 [0174.161] ReadFile (in: hFile=0x394, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19efa8*=0x3a4e, lpOverlapped=0x0) returned 1 [0174.178] WriteFile (in: hFile=0x358, lpBuffer=0x2408404*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2408404*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0174.181] WriteFile (in: hFile=0x358, lpBuffer=0x240a954*, nNumberOfBytesToWrite=0x2a60, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x240a954*, lpNumberOfBytesWritten=0x19ef80*=0x2a60, lpOverlapped=0x0) returned 1 [0174.181] ReadFile (in: hFile=0x394, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0174.182] CloseHandle (hObject=0x394) returned 1 [0174.182] WriteFile (in: hFile=0x358, lpBuffer=0x2408404*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2408404*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0174.183] CloseHandle (hObject=0x358) returned 1 [0174.188] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\eSnQZAd3O3h2-YvUE.wav", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\eSnQZAd3O3h2-YvUE.wav", lpFilePart=0x0) returned 0x33 [0174.188] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\eSnQZAd3O3h2-YvUE.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\esnqzad3o3h2-yvue.wav")) returned 1 [0174.195] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\h_yu.odt.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\h_yu.odt.crypted", lpFilePart=0x0) returned 0x2e [0174.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0174.195] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\h_yu.odt.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\h_yu.odt.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0174.197] GetFileType (hFile=0x358) returned 0x1 [0174.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0174.197] GetFileType (hFile=0x358) returned 0x1 [0176.057] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\h_yu.odt", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\h_yu.odt", lpFilePart=0x0) returned 0x26 [0176.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0176.057] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\h_yu.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\h_yu.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0176.058] GetFileType (hFile=0x394) returned 0x1 [0176.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0176.059] GetFileType (hFile=0x394) returned 0x1 [0176.062] ReadFile (in: hFile=0x394, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19efa8*=0xc111, lpOverlapped=0x0) returned 1 [0176.110] WriteFile (in: hFile=0x358, lpBuffer=0x22eeb70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x22eeb70*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0176.113] WriteFile (in: hFile=0x358, lpBuffer=0x22f1090*, nNumberOfBytesToWrite=0xb130, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x22f1090*, lpNumberOfBytesWritten=0x19ef80*=0xb130, lpOverlapped=0x0) returned 1 [0176.114] ReadFile (in: hFile=0x394, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0176.115] CloseHandle (hObject=0x394) returned 1 [0176.115] WriteFile (in: hFile=0x358, lpBuffer=0x22eeb70*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x22eeb70*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0176.116] CloseHandle (hObject=0x358) returned 1 [0176.123] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\h_yu.odt", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\h_yu.odt", lpFilePart=0x0) returned 0x26 [0176.124] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\h_yu.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\h_yu.odt")) returned 1 [0176.130] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ItM2LhWvoIdX.gif.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ItM2LhWvoIdX.gif.crypted", lpFilePart=0x0) returned 0x36 [0176.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0176.131] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ItM2LhWvoIdX.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\itm2lhwvoidx.gif.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0176.133] GetFileType (hFile=0x358) returned 0x1 [0176.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0176.134] GetFileType (hFile=0x358) returned 0x1 [0178.055] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ItM2LhWvoIdX.gif", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ItM2LhWvoIdX.gif", lpFilePart=0x0) returned 0x2e [0178.055] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0178.055] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ItM2LhWvoIdX.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\itm2lhwvoidx.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0178.056] GetFileType (hFile=0x394) returned 0x1 [0178.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0178.056] GetFileType (hFile=0x394) returned 0x1 [0178.061] ReadFile (in: hFile=0x394, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x895c, lpOverlapped=0x0) returned 1 [0178.087] WriteFile (in: hFile=0x358, lpBuffer=0x23e100c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23e100c*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0178.089] WriteFile (in: hFile=0x358, lpBuffer=0x23e354c*, nNumberOfBytesToWrite=0x7970, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23e354c*, lpNumberOfBytesWritten=0x19ef80*=0x7970, lpOverlapped=0x0) returned 1 [0178.105] ReadFile (in: hFile=0x394, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0178.105] CloseHandle (hObject=0x394) returned 1 [0178.105] WriteFile (in: hFile=0x358, lpBuffer=0x23e100c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23e100c*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0178.105] CloseHandle (hObject=0x358) returned 1 [0178.110] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ItM2LhWvoIdX.gif", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ItM2LhWvoIdX.gif", lpFilePart=0x0) returned 0x2e [0178.110] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ItM2LhWvoIdX.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\itm2lhwvoidx.gif")) returned 1 [0178.115] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IWg3C.swf.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IWg3C.swf.crypted", lpFilePart=0x0) returned 0x2f [0178.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0178.115] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IWg3C.swf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\iwg3c.swf.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0178.117] GetFileType (hFile=0x358) returned 0x1 [0178.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0178.117] GetFileType (hFile=0x358) returned 0x1 [0180.039] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IWg3C.swf", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IWg3C.swf", lpFilePart=0x0) returned 0x27 [0180.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0180.039] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IWg3C.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\iwg3c.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0180.040] GetFileType (hFile=0x394) returned 0x1 [0180.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0180.040] GetFileType (hFile=0x394) returned 0x1 [0180.044] ReadFile (in: hFile=0x394, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x61d7, lpOverlapped=0x0) returned 1 [0180.057] WriteFile (in: hFile=0x358, lpBuffer=0x24cc3e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24cc3e0*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0180.058] WriteFile (in: hFile=0x358, lpBuffer=0x24ce900*, nNumberOfBytesToWrite=0x51f0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24ce900*, lpNumberOfBytesWritten=0x19ef80*=0x51f0, lpOverlapped=0x0) returned 1 [0180.059] ReadFile (in: hFile=0x394, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0180.059] CloseHandle (hObject=0x394) returned 1 [0180.060] WriteFile (in: hFile=0x358, lpBuffer=0x24cc3e0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x24cc3e0*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0180.060] CloseHandle (hObject=0x358) returned 1 [0180.099] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IWg3C.swf", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IWg3C.swf", lpFilePart=0x0) returned 0x27 [0180.099] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IWg3C.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\iwg3c.swf")) returned 1 [0180.104] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\kENL.swf.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\kENL.swf.crypted", lpFilePart=0x0) returned 0x2e [0180.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0180.104] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\kENL.swf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kenl.swf.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0180.106] GetFileType (hFile=0x358) returned 0x1 [0180.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0180.107] GetFileType (hFile=0x358) returned 0x1 [0181.559] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\kENL.swf", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\kENL.swf", lpFilePart=0x0) returned 0x26 [0181.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0181.560] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\kENL.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kenl.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0181.560] GetFileType (hFile=0x394) returned 0x1 [0181.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0181.561] GetFileType (hFile=0x394) returned 0x1 [0181.565] ReadFile (in: hFile=0x394, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x159b2, lpOverlapped=0x0) returned 1 [0181.653] WriteFile (in: hFile=0x358, lpBuffer=0x23b5004*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23b5004*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0181.654] WriteFile (in: hFile=0x358, lpBuffer=0x3411528*, nNumberOfBytesToWrite=0x149d0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x3411528*, lpNumberOfBytesWritten=0x19ef80*=0x149d0, lpOverlapped=0x0) returned 1 [0181.658] ReadFile (in: hFile=0x394, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0181.662] CloseHandle (hObject=0x394) returned 1 [0181.662] WriteFile (in: hFile=0x358, lpBuffer=0x23b5004*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23b5004*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0181.662] CloseHandle (hObject=0x358) returned 1 [0181.670] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\kENL.swf", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\kENL.swf", lpFilePart=0x0) returned 0x26 [0181.670] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\kENL.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kenl.swf")) returned 1 [0181.674] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lh2msU.png.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lh2msU.png.crypted", lpFilePart=0x0) returned 0x30 [0181.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0181.674] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lh2msU.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lh2msu.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0181.675] GetFileType (hFile=0x358) returned 0x1 [0181.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0181.675] GetFileType (hFile=0x358) returned 0x1 [0183.654] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lh2msU.png", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lh2msU.png", lpFilePart=0x0) returned 0x28 [0183.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0183.655] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lh2msU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lh2msu.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0183.655] GetFileType (hFile=0x394) returned 0x1 [0183.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0183.655] GetFileType (hFile=0x394) returned 0x1 [0183.662] ReadFile (in: hFile=0x394, lpBuffer=0x3425f18, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3425f18*, lpNumberOfBytesRead=0x19efa8*=0x179c5, lpOverlapped=0x0) returned 1 [0183.668] WriteFile (in: hFile=0x358, lpBuffer=0x24992fc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24992fc*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0183.669] WriteFile (in: hFile=0x358, lpBuffer=0x3526f18*, nNumberOfBytesToWrite=0x169e0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x3526f18*, lpNumberOfBytesWritten=0x19ef80*=0x169e0, lpOverlapped=0x0) returned 1 [0183.671] ReadFile (in: hFile=0x394, lpBuffer=0x3425f18, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3425f18*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0183.671] CloseHandle (hObject=0x394) returned 1 [0183.672] WriteFile (in: hFile=0x358, lpBuffer=0x24992fc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x24992fc*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0183.672] CloseHandle (hObject=0x358) returned 1 [0183.682] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lh2msU.png", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lh2msU.png", lpFilePart=0x0) returned 0x28 [0183.682] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lh2msU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lh2msu.png")) returned 1 [0183.687] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NqUxb8BqNUsRq.gif.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NqUxb8BqNUsRq.gif.crypted", lpFilePart=0x0) returned 0x37 [0183.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0183.688] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NqUxb8BqNUsRq.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nquxb8bqnusrq.gif.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0183.689] GetFileType (hFile=0x358) returned 0x1 [0183.689] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0183.689] GetFileType (hFile=0x358) returned 0x1 [0185.598] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NqUxb8BqNUsRq.gif", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NqUxb8BqNUsRq.gif", lpFilePart=0x0) returned 0x2f [0185.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0185.598] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NqUxb8BqNUsRq.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nquxb8bqnusrq.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0185.598] GetFileType (hFile=0x394) returned 0x1 [0185.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0185.598] GetFileType (hFile=0x394) returned 0x1 [0185.601] ReadFile (in: hFile=0x394, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19efa8*=0xdb50, lpOverlapped=0x0) returned 1 [0185.619] WriteFile (in: hFile=0x358, lpBuffer=0x237bf2c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x237bf2c*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0185.620] WriteFile (in: hFile=0x358, lpBuffer=0x237e46c*, nNumberOfBytesToWrite=0xcb70, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x237e46c*, lpNumberOfBytesWritten=0x19ef80*=0xcb70, lpOverlapped=0x0) returned 1 [0185.621] ReadFile (in: hFile=0x394, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0185.621] CloseHandle (hObject=0x394) returned 1 [0185.622] WriteFile (in: hFile=0x358, lpBuffer=0x237bf2c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x237bf2c*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0185.622] CloseHandle (hObject=0x358) returned 1 [0185.627] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NqUxb8BqNUsRq.gif", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NqUxb8BqNUsRq.gif", lpFilePart=0x0) returned 0x2f [0185.627] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NqUxb8BqNUsRq.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nquxb8bqnusrq.gif")) returned 1 [0185.632] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\O7nNQUR.xlsx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\O7nNQUR.xlsx.crypted", lpFilePart=0x0) returned 0x32 [0185.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0185.633] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\O7nNQUR.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\o7nnqur.xlsx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0185.637] GetFileType (hFile=0x358) returned 0x1 [0185.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0185.638] GetFileType (hFile=0x358) returned 0x1 [0187.201] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\O7nNQUR.xlsx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\O7nNQUR.xlsx", lpFilePart=0x0) returned 0x2a [0187.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0187.201] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\O7nNQUR.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\o7nnqur.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0187.201] GetFileType (hFile=0x394) returned 0x1 [0187.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0187.230] GetFileType (hFile=0x394) returned 0x1 [0187.234] ReadFile (in: hFile=0x394, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19efa8*=0x79ac, lpOverlapped=0x0) returned 1 [0187.249] WriteFile (in: hFile=0x358, lpBuffer=0x246e0cc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x246e0cc*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0187.253] WriteFile (in: hFile=0x358, lpBuffer=0x24705fc*, nNumberOfBytesToWrite=0x69c0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24705fc*, lpNumberOfBytesWritten=0x19ef80*=0x69c0, lpOverlapped=0x0) returned 1 [0187.254] ReadFile (in: hFile=0x394, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0187.254] CloseHandle (hObject=0x394) returned 1 [0187.254] WriteFile (in: hFile=0x358, lpBuffer=0x246e0cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x246e0cc*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0187.254] CloseHandle (hObject=0x358) returned 1 [0187.280] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\O7nNQUR.xlsx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\O7nNQUR.xlsx", lpFilePart=0x0) returned 0x2a [0187.280] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\O7nNQUR.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\o7nnqur.xlsx")) returned 1 [0187.287] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Q7pVVdbXxo.png.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Q7pVVdbXxo.png.crypted", lpFilePart=0x0) returned 0x34 [0187.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0187.288] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Q7pVVdbXxo.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\q7pvvdbxxo.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0187.337] GetFileType (hFile=0x358) returned 0x1 [0187.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0187.337] GetFileType (hFile=0x358) returned 0x1 [0189.162] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Q7pVVdbXxo.png", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Q7pVVdbXxo.png", lpFilePart=0x0) returned 0x2c [0189.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0189.163] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Q7pVVdbXxo.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\q7pvvdbxxo.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0189.163] GetFileType (hFile=0x394) returned 0x1 [0189.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0189.163] GetFileType (hFile=0x394) returned 0x1 [0189.167] ReadFile (in: hFile=0x394, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0xbf8b, lpOverlapped=0x0) returned 1 [0189.182] WriteFile (in: hFile=0x358, lpBuffer=0x235850c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x235850c*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0189.183] WriteFile (in: hFile=0x358, lpBuffer=0x235aa44*, nNumberOfBytesToWrite=0xafa0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x235aa44*, lpNumberOfBytesWritten=0x19ef80*=0xafa0, lpOverlapped=0x0) returned 1 [0189.184] ReadFile (in: hFile=0x394, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0189.186] CloseHandle (hObject=0x394) returned 1 [0189.186] WriteFile (in: hFile=0x358, lpBuffer=0x235850c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x235850c*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0189.186] CloseHandle (hObject=0x358) returned 1 [0189.193] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Q7pVVdbXxo.png", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Q7pVVdbXxo.png", lpFilePart=0x0) returned 0x2c [0189.193] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Q7pVVdbXxo.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\q7pvvdbxxo.png")) returned 1 [0189.203] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t6XN8ja3HMuFowM.flv.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t6XN8ja3HMuFowM.flv.crypted", lpFilePart=0x0) returned 0x39 [0189.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0189.206] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t6XN8ja3HMuFowM.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\t6xn8ja3hmufowm.flv.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0189.207] GetFileType (hFile=0x358) returned 0x1 [0189.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0189.207] GetFileType (hFile=0x358) returned 0x1 [0190.990] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t6XN8ja3HMuFowM.flv", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t6XN8ja3HMuFowM.flv", lpFilePart=0x0) returned 0x31 [0190.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0190.990] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t6XN8ja3HMuFowM.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\t6xn8ja3hmufowm.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0190.991] GetFileType (hFile=0x394) returned 0x1 [0190.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0190.991] GetFileType (hFile=0x394) returned 0x1 [0190.994] ReadFile (in: hFile=0x394, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0xfcea, lpOverlapped=0x0) returned 1 [0191.009] WriteFile (in: hFile=0x358, lpBuffer=0x24471d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24471d0*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0191.010] WriteFile (in: hFile=0x358, lpBuffer=0x2449718*, nNumberOfBytesToWrite=0xed00, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2449718*, lpNumberOfBytesWritten=0x19ef80*=0xed00, lpOverlapped=0x0) returned 1 [0191.012] ReadFile (in: hFile=0x394, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0191.012] CloseHandle (hObject=0x394) returned 1 [0191.012] WriteFile (in: hFile=0x358, lpBuffer=0x24471d0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x24471d0*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0191.012] CloseHandle (hObject=0x358) returned 1 [0191.018] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t6XN8ja3HMuFowM.flv", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t6XN8ja3HMuFowM.flv", lpFilePart=0x0) returned 0x31 [0191.018] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t6XN8ja3HMuFowM.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\t6xn8ja3hmufowm.flv")) returned 1 [0191.025] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\UmtbxbsKtyZHLBBT.docx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\UmtbxbsKtyZHLBBT.docx.crypted", lpFilePart=0x0) returned 0x3b [0191.025] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0191.025] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\UmtbxbsKtyZHLBBT.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\umtbxbsktyzhlbbt.docx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0191.026] GetFileType (hFile=0x358) returned 0x1 [0191.027] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0191.027] GetFileType (hFile=0x358) returned 0x1 [0198.823] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\UmtbxbsKtyZHLBBT.docx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\UmtbxbsKtyZHLBBT.docx", lpFilePart=0x0) returned 0x33 [0198.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0198.825] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\UmtbxbsKtyZHLBBT.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\umtbxbsktyzhlbbt.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0198.826] GetFileType (hFile=0x394) returned 0x1 [0198.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0198.826] GetFileType (hFile=0x394) returned 0x1 [0198.829] ReadFile (in: hFile=0x394, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x17a2b, lpOverlapped=0x0) returned 1 [0198.900] WriteFile (in: hFile=0x358, lpBuffer=0x2331878*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2331878*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0198.902] WriteFile (in: hFile=0x358, lpBuffer=0x3411528*, nNumberOfBytesToWrite=0x16a40, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x3411528*, lpNumberOfBytesWritten=0x19ef80*=0x16a40, lpOverlapped=0x0) returned 1 [0198.904] ReadFile (in: hFile=0x394, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0198.910] CloseHandle (hObject=0x394) returned 1 [0198.910] WriteFile (in: hFile=0x358, lpBuffer=0x2331878*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2331878*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0198.911] CloseHandle (hObject=0x358) returned 1 [0198.917] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\UmtbxbsKtyZHLBBT.docx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\UmtbxbsKtyZHLBBT.docx", lpFilePart=0x0) returned 0x33 [0198.917] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\UmtbxbsKtyZHLBBT.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\umtbxbsktyzhlbbt.docx")) returned 1 [0198.923] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe.crypted", lpFilePart=0x0) returned 0x3a [0198.923] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0198.924] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\windowsformsapp1.exe.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0198.925] GetFileType (hFile=0x358) returned 0x1 [0198.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0198.925] GetFileType (hFile=0x358) returned 0x1 [0200.713] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe", lpFilePart=0x0) returned 0x32 [0200.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0200.713] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WindowsFormsApp1.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\windowsformsapp1.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0201.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5c0) returned 1 [0201.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eff0) returned 1 [0201.765] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures", lpFilePart=0x0) returned 0x1e [0201.766] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\", nBufferLength=0x105, lpBuffer=0x19eacc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\", lpFilePart=0x0) returned 0x1f [0201.766] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\*", lpFindFileData=0x19ed18 | out: lpFindFileData=0x19ed18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58538b08, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x58538b08, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a72b0 [0201.767] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58538b08, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x58538b08, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0201.769] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdd6f66b0, ftCreationTime.dwHighDateTime=0x1d6fd43, ftLastAccessTime.dwLowDateTime=0x6c30c850, ftLastAccessTime.dwHighDateTime=0x1d7070b, ftLastWriteTime.dwLowDateTime=0x6c30c850, ftLastWriteTime.dwHighDateTime=0x1d7070b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-JfZX1yolDrQOV0dKF", cAlternateFileName="-JFZX1~1")) returned 1 [0201.770] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1283b80, ftCreationTime.dwHighDateTime=0x1d6ff84, ftLastAccessTime.dwLowDateTime=0x57420d20, ftLastAccessTime.dwHighDateTime=0x1d7004c, ftLastWriteTime.dwLowDateTime=0x57420d20, ftLastWriteTime.dwHighDateTime=0x1d7004c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-VKddreP", cAlternateFileName="")) returned 1 [0201.770] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc7c56e0, ftCreationTime.dwHighDateTime=0x1d6fd9a, ftLastAccessTime.dwLowDateTime=0xd4be75c0, ftLastAccessTime.dwHighDateTime=0x1d70a67, ftLastWriteTime.dwLowDateTime=0xd4be75c0, ftLastWriteTime.dwHighDateTime=0x1d70a67, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6oRmBG", cAlternateFileName="")) returned 1 [0201.771] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Camera Roll", cAlternateFileName="CAMERA~1")) returned 1 [0201.771] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8511580, ftCreationTime.dwHighDateTime=0x1d6ff70, ftLastAccessTime.dwLowDateTime=0xc02eafd0, ftLastAccessTime.dwHighDateTime=0x1d70850, ftLastWriteTime.dwLowDateTime=0xc02eafd0, ftLastWriteTime.dwHighDateTime=0x1d70850, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ddsJ", cAlternateFileName="")) returned 1 [0201.772] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0201.772] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e1ffa10, ftCreationTime.dwHighDateTime=0x1d7043e, ftLastAccessTime.dwLowDateTime=0x3a532b70, ftLastAccessTime.dwHighDateTime=0x1d70756, ftLastWriteTime.dwLowDateTime=0x3a532b70, ftLastWriteTime.dwHighDateTime=0x1d70756, nFileSizeHigh=0x0, nFileSizeLow=0x19d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="g9MMgrRsjdjl6y_K.bmp", cAlternateFileName="G9MMGR~1.BMP")) returned 1 [0201.773] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6de148f0, ftCreationTime.dwHighDateTime=0x1d70783, ftLastAccessTime.dwLowDateTime=0x741b08c0, ftLastAccessTime.dwHighDateTime=0x1d707db, ftLastWriteTime.dwLowDateTime=0x741b08c0, ftLastWriteTime.dwHighDateTime=0x1d707db, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="m7eajC2", cAlternateFileName="")) returned 1 [0201.773] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Pictures", cAlternateFileName="SAVEDP~1")) returned 1 [0201.774] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3973f90, ftCreationTime.dwHighDateTime=0x1d70579, ftLastAccessTime.dwLowDateTime=0x66af2cd0, ftLastAccessTime.dwHighDateTime=0x1d70622, ftLastWriteTime.dwLowDateTime=0x66af2cd0, ftLastWriteTime.dwHighDateTime=0x1d70622, nFileSizeHigh=0x0, nFileSizeLow=0xe086, dwReserved0=0x0, dwReserved1=0x0, cFileName="U212.bmp", cAlternateFileName="")) returned 1 [0201.774] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0201.774] FindClose (in: hFindFile=0x8a72b0 | out: hFindFile=0x8a72b0) returned 1 [0201.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efb0) returned 1 [0201.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efbc) returned 1 [0201.778] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini.crypted", lpFilePart=0x0) returned 0x32 [0201.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0201.779] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\desktop.ini.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0201.779] GetFileType (hFile=0x394) returned 0x1 [0201.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0201.780] GetFileType (hFile=0x394) returned 0x1 [0203.425] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x2a [0203.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0203.426] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0203.426] GetFileType (hFile=0x398) returned 0x1 [0203.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0203.426] GetFileType (hFile=0x398) returned 0x1 [0203.435] ReadFile (in: hFile=0x398, lpBuffer=0x3427f88, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3427f88*, lpNumberOfBytesRead=0x19efa8*=0x1f8, lpOverlapped=0x0) returned 1 [0203.437] ReadFile (in: hFile=0x398, lpBuffer=0x3427f88, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3427f88*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0203.437] CloseHandle (hObject=0x398) returned 1 [0203.437] WriteFile (in: hFile=0x394, lpBuffer=0x230008c*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x230008c*, lpNumberOfBytesWritten=0x19ef58*=0x220, lpOverlapped=0x0) returned 1 [0203.438] CloseHandle (hObject=0x394) returned 1 [0203.445] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x2a [0203.445] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\desktop.ini")) returned 1 [0203.449] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\g9MMgrRsjdjl6y_K.bmp.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\g9MMgrRsjdjl6y_K.bmp.crypted", lpFilePart=0x0) returned 0x3b [0203.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0203.449] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\g9MMgrRsjdjl6y_K.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\g9mmgrrsjdjl6y_k.bmp.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0203.450] GetFileType (hFile=0x394) returned 0x1 [0203.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0203.450] GetFileType (hFile=0x394) returned 0x1 [0204.773] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\g9MMgrRsjdjl6y_K.bmp", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\g9MMgrRsjdjl6y_K.bmp", lpFilePart=0x0) returned 0x33 [0204.773] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0204.773] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\g9MMgrRsjdjl6y_K.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\g9mmgrrsjdjl6y_k.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0204.774] GetFileType (hFile=0x398) returned 0x1 [0204.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0204.774] GetFileType (hFile=0x398) returned 0x1 [0204.779] ReadFile (in: hFile=0x398, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19efa8*=0x19d0, lpOverlapped=0x0) returned 1 [0204.796] WriteFile (in: hFile=0x394, lpBuffer=0x23e5090*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23e5090*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0204.798] ReadFile (in: hFile=0x398, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0204.798] CloseHandle (hObject=0x398) returned 1 [0204.798] WriteFile (in: hFile=0x394, lpBuffer=0x23e5090*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23e5090*, lpNumberOfBytesWritten=0x19ef58*=0xa00, lpOverlapped=0x0) returned 1 [0204.799] CloseHandle (hObject=0x394) returned 1 [0204.803] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\g9MMgrRsjdjl6y_K.bmp", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\g9MMgrRsjdjl6y_K.bmp", lpFilePart=0x0) returned 0x33 [0204.803] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\g9MMgrRsjdjl6y_K.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\g9mmgrrsjdjl6y_k.bmp")) returned 1 [0204.811] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\U212.bmp.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\U212.bmp.crypted", lpFilePart=0x0) returned 0x2f [0204.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0204.811] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\U212.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\u212.bmp.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0204.812] GetFileType (hFile=0x394) returned 0x1 [0204.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0204.812] GetFileType (hFile=0x394) returned 0x1 [0206.132] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\U212.bmp", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\U212.bmp", lpFilePart=0x0) returned 0x27 [0206.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0206.133] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\U212.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\u212.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x398 [0206.133] GetFileType (hFile=0x398) returned 0x1 [0206.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0206.134] GetFileType (hFile=0x398) returned 0x1 [0206.138] ReadFile (in: hFile=0x398, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19efa8*=0xe086, lpOverlapped=0x0) returned 1 [0206.160] WriteFile (in: hFile=0x394, lpBuffer=0x24cb8dc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24cb8dc*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0206.161] WriteFile (in: hFile=0x394, lpBuffer=0x24cddfc*, nNumberOfBytesToWrite=0xd0a0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24cddfc*, lpNumberOfBytesWritten=0x19ef80*=0xd0a0, lpOverlapped=0x0) returned 1 [0206.163] ReadFile (in: hFile=0x398, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0206.164] CloseHandle (hObject=0x398) returned 1 [0206.164] WriteFile (in: hFile=0x394, lpBuffer=0x24cb8dc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x24cb8dc*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0206.164] CloseHandle (hObject=0x394) returned 1 [0206.168] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\U212.bmp", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\U212.bmp", lpFilePart=0x0) returned 0x27 [0206.168] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\U212.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\u212.bmp")) returned 1 [0206.171] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eff0) returned 1 [0206.172] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures", lpFilePart=0x0) returned 0x1e [0206.172] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\", nBufferLength=0x105, lpBuffer=0x19eacc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\", lpFilePart=0x0) returned 0x1f [0206.172] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\*", lpFindFileData=0x19ed18 | out: lpFindFileData=0x19ed18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58538b08, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0xa1ab9115, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a7330 [0206.173] FindNextFileW (in: hFindFile=0x8a7330, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58538b08, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0xa1ab9115, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0206.174] FindNextFileW (in: hFindFile=0x8a7330, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdd6f66b0, ftCreationTime.dwHighDateTime=0x1d6fd43, ftLastAccessTime.dwLowDateTime=0x6c30c850, ftLastAccessTime.dwHighDateTime=0x1d7070b, ftLastWriteTime.dwLowDateTime=0x6c30c850, ftLastWriteTime.dwHighDateTime=0x1d7070b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-JfZX1yolDrQOV0dKF", cAlternateFileName="-JFZX1~1")) returned 1 [0206.174] FindNextFileW (in: hFindFile=0x8a7330, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1283b80, ftCreationTime.dwHighDateTime=0x1d6ff84, ftLastAccessTime.dwLowDateTime=0x57420d20, ftLastAccessTime.dwHighDateTime=0x1d7004c, ftLastWriteTime.dwLowDateTime=0x57420d20, ftLastWriteTime.dwHighDateTime=0x1d7004c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-VKddreP", cAlternateFileName="")) returned 1 [0206.175] FindNextFileW (in: hFindFile=0x8a7330, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc7c56e0, ftCreationTime.dwHighDateTime=0x1d6fd9a, ftLastAccessTime.dwLowDateTime=0xd4be75c0, ftLastAccessTime.dwHighDateTime=0x1d70a67, ftLastWriteTime.dwLowDateTime=0xd4be75c0, ftLastWriteTime.dwHighDateTime=0x1d70a67, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6oRmBG", cAlternateFileName="")) returned 1 [0206.175] FindNextFileW (in: hFindFile=0x8a7330, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Camera Roll", cAlternateFileName="CAMERA~1")) returned 1 [0206.175] FindNextFileW (in: hFindFile=0x8a7330, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8511580, ftCreationTime.dwHighDateTime=0x1d6ff70, ftLastAccessTime.dwLowDateTime=0xc02eafd0, ftLastAccessTime.dwHighDateTime=0x1d70850, ftLastWriteTime.dwLowDateTime=0xc02eafd0, ftLastWriteTime.dwHighDateTime=0x1d70850, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ddsJ", cAlternateFileName="")) returned 1 [0206.175] FindNextFileW (in: hFindFile=0x8a7330, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f0d8993, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0x9f0d8993, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa00bde6e, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x220, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.crypted", cAlternateFileName="DESKTO~1.CRY")) returned 1 [0206.176] FindNextFileW (in: hFindFile=0x8a7330, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa00c7bc5, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa00c7bc5, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa0db122d, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="g9MMgrRsjdjl6y_K.bmp.crypted", cAlternateFileName="G9MMGR~1.CRY")) returned 1 [0206.176] FindNextFileW (in: hFindFile=0x8a7330, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6de148f0, ftCreationTime.dwHighDateTime=0x1d70783, ftLastAccessTime.dwLowDateTime=0x741b08c0, ftLastAccessTime.dwHighDateTime=0x1d707db, ftLastWriteTime.dwLowDateTime=0x741b08c0, ftLastWriteTime.dwHighDateTime=0x1d707db, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="m7eajC2", cAlternateFileName="")) returned 1 [0206.176] FindNextFileW (in: hFindFile=0x8a7330, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Pictures", cAlternateFileName="SAVEDP~1")) returned 1 [0206.177] FindNextFileW (in: hFindFile=0x8a7330, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0dc5d97, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa0dc5d97, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa1ab4d38, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xe0b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="U212.bmp.crypted", cAlternateFileName="U212BM~1.CRY")) returned 1 [0206.177] FindNextFileW (in: hFindFile=0x8a7330, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0dc5d97, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa0dc5d97, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa1ab4d38, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xe0b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="U212.bmp.crypted", cAlternateFileName="U212BM~1.CRY")) returned 0 [0206.177] FindClose (in: hFindFile=0x8a7330 | out: hFindFile=0x8a7330) returned 1 [0206.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efb0) returned 1 [0206.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efbc) returned 1 [0206.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0206.178] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF", lpFilePart=0x0) returned 0x31 [0206.178] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\", lpFilePart=0x0) returned 0x32 [0206.178] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdd6f66b0, ftCreationTime.dwHighDateTime=0x1d6fd43, ftLastAccessTime.dwLowDateTime=0x6c30c850, ftLastAccessTime.dwHighDateTime=0x1d7070b, ftLastWriteTime.dwLowDateTime=0x6c30c850, ftLastWriteTime.dwHighDateTime=0x1d7070b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a7670 [0206.179] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdd6f66b0, ftCreationTime.dwHighDateTime=0x1d6fd43, ftLastAccessTime.dwLowDateTime=0x6c30c850, ftLastAccessTime.dwHighDateTime=0x1d7070b, ftLastWriteTime.dwLowDateTime=0x6c30c850, ftLastWriteTime.dwHighDateTime=0x1d7070b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0206.179] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x889b4230, ftCreationTime.dwHighDateTime=0x1d7018a, ftLastAccessTime.dwLowDateTime=0xbf940150, ftLastAccessTime.dwHighDateTime=0x1d706ee, ftLastWriteTime.dwLowDateTime=0xbf940150, ftLastWriteTime.dwHighDateTime=0x1d706ee, nFileSizeHigh=0x0, nFileSizeLow=0x345f, dwReserved0=0x0, dwReserved1=0x0, cFileName="lla2.gif", cAlternateFileName="")) returned 1 [0206.179] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0206.180] FindClose (in: hFindFile=0x8a7670 | out: hFindFile=0x8a7670) returned 1 [0206.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0206.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0206.182] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\lla2.gif.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\lla2.gif.crypted", lpFilePart=0x0) returned 0x42 [0206.182] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0206.182] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\lla2.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\-jfzx1yoldrqov0dkf\\lla2.gif.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0206.182] GetFileType (hFile=0x394) returned 0x1 [0206.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0206.182] GetFileType (hFile=0x394) returned 0x1 [0207.938] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\lla2.gif", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\lla2.gif", lpFilePart=0x0) returned 0x3a [0207.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0207.939] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\lla2.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\-jfzx1yoldrqov0dkf\\lla2.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0207.939] GetFileType (hFile=0x358) returned 0x1 [0207.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0207.940] GetFileType (hFile=0x358) returned 0x1 [0207.962] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef74*=0x345f, lpOverlapped=0x0) returned 1 [0207.978] WriteFile (in: hFile=0x394, lpBuffer=0x23c2420*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x23c2420*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0207.980] WriteFile (in: hFile=0x394, lpBuffer=0x23c4968*, nNumberOfBytesToWrite=0x2470, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x23c4968*, lpNumberOfBytesWritten=0x19ef4c*=0x2470, lpOverlapped=0x0) returned 1 [0207.981] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0207.981] CloseHandle (hObject=0x358) returned 1 [0207.982] WriteFile (in: hFile=0x394, lpBuffer=0x23c2420*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x23c2420*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0207.982] CloseHandle (hObject=0x394) returned 1 [0207.988] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\lla2.gif", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\lla2.gif", lpFilePart=0x0) returned 0x3a [0207.988] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\lla2.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\-jfzx1yoldrqov0dkf\\lla2.gif")) returned 1 [0208.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0208.009] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF", lpFilePart=0x0) returned 0x31 [0208.009] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\", lpFilePart=0x0) returned 0x32 [0208.010] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-JfZX1yolDrQOV0dKF\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdd6f66b0, ftCreationTime.dwHighDateTime=0x1d6fd43, ftLastAccessTime.dwLowDateTime=0x6c30c850, ftLastAccessTime.dwHighDateTime=0x1d7070b, ftLastWriteTime.dwLowDateTime=0xa2c40b6d, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a72b0 [0208.011] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdd6f66b0, ftCreationTime.dwHighDateTime=0x1d6fd43, ftLastAccessTime.dwLowDateTime=0x6c30c850, ftLastAccessTime.dwHighDateTime=0x1d7070b, ftLastWriteTime.dwLowDateTime=0xa2c40b6d, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.012] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1ad78ec, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa1ad78ec, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa2c101ed, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x3480, dwReserved0=0x0, dwReserved1=0x0, cFileName="lla2.gif.crypted", cAlternateFileName="LLA2GI~1.CRY")) returned 1 [0208.012] FindNextFileW (in: hFindFile=0x8a72b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1ad78ec, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa1ad78ec, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa2c101ed, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x3480, dwReserved0=0x0, dwReserved1=0x0, cFileName="lla2.gif.crypted", cAlternateFileName="LLA2GI~1.CRY")) returned 0 [0208.013] FindClose (in: hFindFile=0x8a72b0 | out: hFindFile=0x8a72b0) returned 1 [0208.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0208.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0208.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0208.013] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP", lpFilePart=0x0) returned 0x27 [0208.013] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\", lpFilePart=0x0) returned 0x28 [0208.014] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1283b80, ftCreationTime.dwHighDateTime=0x1d6ff84, ftLastAccessTime.dwLowDateTime=0x57420d20, ftLastAccessTime.dwHighDateTime=0x1d7004c, ftLastWriteTime.dwLowDateTime=0x57420d20, ftLastWriteTime.dwHighDateTime=0x1d7004c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a75f0 [0208.014] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1283b80, ftCreationTime.dwHighDateTime=0x1d6ff84, ftLastAccessTime.dwLowDateTime=0x57420d20, ftLastAccessTime.dwHighDateTime=0x1d7004c, ftLastWriteTime.dwLowDateTime=0x57420d20, ftLastWriteTime.dwHighDateTime=0x1d7004c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.014] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c1a25e0, ftCreationTime.dwHighDateTime=0x1d701d0, ftLastAccessTime.dwLowDateTime=0xebb085b0, ftLastAccessTime.dwHighDateTime=0x1d7084c, ftLastWriteTime.dwLowDateTime=0xebb085b0, ftLastWriteTime.dwHighDateTime=0x1d7084c, nFileSizeHigh=0x0, nFileSizeLow=0x13e5e, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiQmPNkGQ5Aj.gif", cAlternateFileName="CIQMPN~1.GIF")) returned 1 [0208.015] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x377ad700, ftCreationTime.dwHighDateTime=0x1d6ff67, ftLastAccessTime.dwLowDateTime=0x13ab67d0, ftLastAccessTime.dwHighDateTime=0x1d70882, ftLastWriteTime.dwLowDateTime=0x13ab67d0, ftLastWriteTime.dwHighDateTime=0x1d70882, nFileSizeHigh=0x0, nFileSizeLow=0x15848, dwReserved0=0x0, dwReserved1=0x0, cFileName="EcWYWJ.bmp", cAlternateFileName="")) returned 1 [0208.015] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0208.015] FindClose (in: hFindFile=0x8a75f0 | out: hFindFile=0x8a75f0) returned 1 [0208.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0208.016] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0208.018] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\CiQmPNkGQ5Aj.gif.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\CiQmPNkGQ5Aj.gif.crypted", lpFilePart=0x0) returned 0x40 [0208.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0208.018] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\CiQmPNkGQ5Aj.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\-vkddrep\\ciqmpnkgq5aj.gif.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0208.019] GetFileType (hFile=0x394) returned 0x1 [0208.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0208.019] GetFileType (hFile=0x394) returned 0x1 [0209.534] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\CiQmPNkGQ5Aj.gif", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\CiQmPNkGQ5Aj.gif", lpFilePart=0x0) returned 0x38 [0209.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0209.534] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\CiQmPNkGQ5Aj.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\-vkddrep\\ciqmpnkgq5aj.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0209.535] GetFileType (hFile=0x358) returned 0x1 [0209.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0209.535] GetFileType (hFile=0x358) returned 0x1 [0209.538] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef74*=0x13e5e, lpOverlapped=0x0) returned 1 [0209.554] WriteFile (in: hFile=0x394, lpBuffer=0x24a9cb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x24a9cb8*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0209.558] WriteFile (in: hFile=0x394, lpBuffer=0x24ac20c*, nNumberOfBytesToWrite=0x12e70, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x24ac20c*, lpNumberOfBytesWritten=0x19ef4c*=0x12e70, lpOverlapped=0x0) returned 1 [0209.560] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0209.560] CloseHandle (hObject=0x358) returned 1 [0209.560] WriteFile (in: hFile=0x394, lpBuffer=0x24a9cb8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x24a9cb8*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0209.560] CloseHandle (hObject=0x394) returned 1 [0209.564] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\CiQmPNkGQ5Aj.gif", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\CiQmPNkGQ5Aj.gif", lpFilePart=0x0) returned 0x38 [0209.564] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\CiQmPNkGQ5Aj.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\-vkddrep\\ciqmpnkgq5aj.gif")) returned 1 [0209.569] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\EcWYWJ.bmp.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\EcWYWJ.bmp.crypted", lpFilePart=0x0) returned 0x3a [0209.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0209.570] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\EcWYWJ.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\-vkddrep\\ecwywj.bmp.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0209.570] GetFileType (hFile=0x394) returned 0x1 [0209.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0209.570] GetFileType (hFile=0x394) returned 0x1 [0211.168] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\EcWYWJ.bmp", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\EcWYWJ.bmp", lpFilePart=0x0) returned 0x32 [0211.168] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0211.168] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\EcWYWJ.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\-vkddrep\\ecwywj.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0211.170] GetFileType (hFile=0x358) returned 0x1 [0211.170] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0211.170] GetFileType (hFile=0x358) returned 0x1 [0211.173] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19ef74*=0x15848, lpOverlapped=0x0) returned 1 [0211.237] WriteFile (in: hFile=0x394, lpBuffer=0x23a0aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x23a0aa8*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0211.239] WriteFile (in: hFile=0x394, lpBuffer=0x3411528*, nNumberOfBytesToWrite=0x14860, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x3411528*, lpNumberOfBytesWritten=0x19ef4c*=0x14860, lpOverlapped=0x0) returned 1 [0211.241] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0211.244] CloseHandle (hObject=0x358) returned 1 [0211.244] WriteFile (in: hFile=0x394, lpBuffer=0x23a0aa8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x23a0aa8*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0211.244] CloseHandle (hObject=0x394) returned 1 [0211.267] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\EcWYWJ.bmp", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\EcWYWJ.bmp", lpFilePart=0x0) returned 0x32 [0211.267] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\EcWYWJ.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\-vkddrep\\ecwywj.bmp")) returned 1 [0211.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0211.276] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP", lpFilePart=0x0) returned 0x27 [0211.276] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\", lpFilePart=0x0) returned 0x28 [0211.276] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\-VKddreP\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1283b80, ftCreationTime.dwHighDateTime=0x1d6ff84, ftLastAccessTime.dwLowDateTime=0x57420d20, ftLastAccessTime.dwHighDateTime=0x1d7004c, ftLastWriteTime.dwLowDateTime=0xa4b6623e, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a78b0 [0211.280] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1283b80, ftCreationTime.dwHighDateTime=0x1d6ff84, ftLastAccessTime.dwLowDateTime=0x57420d20, ftLastAccessTime.dwHighDateTime=0x1d7004c, ftLastWriteTime.dwLowDateTime=0xa4b6623e, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.281] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2c5b99e, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa2c5b99e, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa3b18c94, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x13e80, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiQmPNkGQ5Aj.gif.crypted", cAlternateFileName="CIQMPN~1.CRY")) returned 1 [0211.281] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3b278c8, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa3b278c8, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa4b31857, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x15870, dwReserved0=0x0, dwReserved1=0x0, cFileName="EcWYWJ.bmp.crypted", cAlternateFileName="ECWYWJ~1.CRY")) returned 1 [0211.281] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3b278c8, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa3b278c8, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa4b31857, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x15870, dwReserved0=0x0, dwReserved1=0x0, cFileName="EcWYWJ.bmp.crypted", cAlternateFileName="ECWYWJ~1.CRY")) returned 0 [0211.281] FindClose (in: hFindFile=0x8a78b0 | out: hFindFile=0x8a78b0) returned 1 [0211.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0211.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0211.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0211.282] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG", lpFilePart=0x0) returned 0x25 [0211.282] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\", lpFilePart=0x0) returned 0x26 [0211.282] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc7c56e0, ftCreationTime.dwHighDateTime=0x1d6fd9a, ftLastAccessTime.dwLowDateTime=0xd4be75c0, ftLastAccessTime.dwHighDateTime=0x1d70a67, ftLastWriteTime.dwLowDateTime=0xd4be75c0, ftLastWriteTime.dwHighDateTime=0x1d70a67, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a74f0 [0211.282] FindNextFileW (in: hFindFile=0x8a74f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc7c56e0, ftCreationTime.dwHighDateTime=0x1d6fd9a, ftLastAccessTime.dwLowDateTime=0xd4be75c0, ftLastAccessTime.dwHighDateTime=0x1d70a67, ftLastWriteTime.dwLowDateTime=0xd4be75c0, ftLastWriteTime.dwHighDateTime=0x1d70a67, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.283] FindNextFileW (in: hFindFile=0x8a74f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a167d10, ftCreationTime.dwHighDateTime=0x1d703e6, ftLastAccessTime.dwLowDateTime=0x9fd8d410, ftLastAccessTime.dwHighDateTime=0x1d70493, ftLastWriteTime.dwLowDateTime=0x9fd8d410, ftLastWriteTime.dwHighDateTime=0x1d70493, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uOigE gFQrZv S", cAlternateFileName="UOIGEG~1")) returned 1 [0211.283] FindNextFileW (in: hFindFile=0x8a74f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a167d10, ftCreationTime.dwHighDateTime=0x1d703e6, ftLastAccessTime.dwLowDateTime=0x9fd8d410, ftLastAccessTime.dwHighDateTime=0x1d70493, ftLastWriteTime.dwLowDateTime=0x9fd8d410, ftLastWriteTime.dwHighDateTime=0x1d70493, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uOigE gFQrZv S", cAlternateFileName="UOIGEG~1")) returned 0 [0211.283] FindClose (in: hFindFile=0x8a74f0 | out: hFindFile=0x8a74f0) returned 1 [0211.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0211.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0211.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0211.283] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG", lpFilePart=0x0) returned 0x25 [0211.283] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\", lpFilePart=0x0) returned 0x26 [0211.283] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc7c56e0, ftCreationTime.dwHighDateTime=0x1d6fd9a, ftLastAccessTime.dwLowDateTime=0xd4be75c0, ftLastAccessTime.dwHighDateTime=0x1d70a67, ftLastWriteTime.dwLowDateTime=0xd4be75c0, ftLastWriteTime.dwHighDateTime=0x1d70a67, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a74f0 [0211.284] FindNextFileW (in: hFindFile=0x8a74f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcc7c56e0, ftCreationTime.dwHighDateTime=0x1d6fd9a, ftLastAccessTime.dwLowDateTime=0xd4be75c0, ftLastAccessTime.dwHighDateTime=0x1d70a67, ftLastWriteTime.dwLowDateTime=0xd4be75c0, ftLastWriteTime.dwHighDateTime=0x1d70a67, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.284] FindNextFileW (in: hFindFile=0x8a74f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a167d10, ftCreationTime.dwHighDateTime=0x1d703e6, ftLastAccessTime.dwLowDateTime=0x9fd8d410, ftLastAccessTime.dwHighDateTime=0x1d70493, ftLastWriteTime.dwLowDateTime=0x9fd8d410, ftLastWriteTime.dwHighDateTime=0x1d70493, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uOigE gFQrZv S", cAlternateFileName="UOIGEG~1")) returned 1 [0211.284] FindNextFileW (in: hFindFile=0x8a74f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.284] FindClose (in: hFindFile=0x8a74f0 | out: hFindFile=0x8a74f0) returned 1 [0211.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0211.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0211.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef88) returned 1 [0211.285] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S", nBufferLength=0x105, lpBuffer=0x19ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S", lpFilePart=0x0) returned 0x34 [0211.285] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\", nBufferLength=0x105, lpBuffer=0x19ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\", lpFilePart=0x0) returned 0x35 [0211.285] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\*", lpFindFileData=0x19ecb0 | out: lpFindFileData=0x19ecb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a167d10, ftCreationTime.dwHighDateTime=0x1d703e6, ftLastAccessTime.dwLowDateTime=0x9fd8d410, ftLastAccessTime.dwHighDateTime=0x1d70493, ftLastWriteTime.dwLowDateTime=0x9fd8d410, ftLastWriteTime.dwHighDateTime=0x1d70493, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a7270 [0211.285] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a167d10, ftCreationTime.dwHighDateTime=0x1d703e6, ftLastAccessTime.dwLowDateTime=0x9fd8d410, ftLastAccessTime.dwHighDateTime=0x1d70493, ftLastWriteTime.dwLowDateTime=0x9fd8d410, ftLastWriteTime.dwHighDateTime=0x1d70493, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.285] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2debbda0, ftCreationTime.dwHighDateTime=0x1d70802, ftLastAccessTime.dwLowDateTime=0x44d35740, ftLastAccessTime.dwHighDateTime=0x1d70a0e, ftLastWriteTime.dwLowDateTime=0x44d35740, ftLastWriteTime.dwHighDateTime=0x1d70a0e, nFileSizeHigh=0x0, nFileSizeLow=0x6761, dwReserved0=0x0, dwReserved1=0x0, cFileName="EghA ewGW4m.png", cAlternateFileName="EGHAEW~1.PNG")) returned 1 [0211.286] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5563490, ftCreationTime.dwHighDateTime=0x1d700c0, ftLastAccessTime.dwLowDateTime=0x813aef10, ftLastAccessTime.dwHighDateTime=0x1d70598, ftLastWriteTime.dwLowDateTime=0x813aef10, ftLastWriteTime.dwHighDateTime=0x1d70598, nFileSizeHigh=0x0, nFileSizeLow=0x17515, dwReserved0=0x0, dwReserved1=0x0, cFileName="hHEWCPQXSzJqw2.gif", cAlternateFileName="HHEWCP~1.GIF")) returned 1 [0211.286] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50193b90, ftCreationTime.dwHighDateTime=0x1d6fd45, ftLastAccessTime.dwLowDateTime=0x243be0b0, ftLastAccessTime.dwHighDateTime=0x1d707e8, ftLastWriteTime.dwLowDateTime=0x243be0b0, ftLastWriteTime.dwHighDateTime=0x1d707e8, nFileSizeHigh=0x0, nFileSizeLow=0xda95, dwReserved0=0x0, dwReserved1=0x0, cFileName="lBRcwvvbG mc7v.png", cAlternateFileName="LBRCWV~1.PNG")) returned 1 [0211.286] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1277f3d0, ftCreationTime.dwHighDateTime=0x1d70925, ftLastAccessTime.dwLowDateTime=0xb18b8080, ftLastAccessTime.dwHighDateTime=0x1d70a75, ftLastWriteTime.dwLowDateTime=0xb18b8080, ftLastWriteTime.dwHighDateTime=0x1d70a75, nFileSizeHigh=0x0, nFileSizeLow=0x5015, dwReserved0=0x0, dwReserved1=0x0, cFileName="_iiP8T0MRXllm1tfjbq.jpg", cAlternateFileName="_IIP8T~1.JPG")) returned 1 [0211.286] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0211.286] FindClose (in: hFindFile=0x8a7270 | out: hFindFile=0x8a7270) returned 1 [0211.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef48) returned 1 [0211.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef54) returned 1 [0211.288] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\EghA ewGW4m.png.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\EghA ewGW4m.png.crypted", lpFilePart=0x0) returned 0x4c [0211.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0211.288] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\EghA ewGW4m.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\6ormbg\\uoige gfqrzv s\\egha ewgw4m.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0211.289] GetFileType (hFile=0x394) returned 0x1 [0211.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0211.289] GetFileType (hFile=0x394) returned 0x1 [0213.172] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\EghA ewGW4m.png", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\EghA ewGW4m.png", lpFilePart=0x0) returned 0x44 [0213.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0213.172] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\EghA ewGW4m.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\6ormbg\\uoige gfqrzv s\\egha ewgw4m.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0213.174] GetFileType (hFile=0x358) returned 0x1 [0213.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0213.174] GetFileType (hFile=0x358) returned 0x1 [0213.184] ReadFile (in: hFile=0x358, lpBuffer=0x3425da8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3425da8*, lpNumberOfBytesRead=0x19ef40*=0x6761, lpOverlapped=0x0) returned 1 [0213.186] WriteFile (in: hFile=0x394, lpBuffer=0x2487778*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x2487778*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0213.189] WriteFile (in: hFile=0x394, lpBuffer=0x2489ce0*, nNumberOfBytesToWrite=0x5780, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x2489ce0*, lpNumberOfBytesWritten=0x19ef18*=0x5780, lpOverlapped=0x0) returned 1 [0213.190] ReadFile (in: hFile=0x358, lpBuffer=0x3425da8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3425da8*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0213.190] CloseHandle (hObject=0x358) returned 1 [0213.191] WriteFile (in: hFile=0x394, lpBuffer=0x2487778*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x2487778*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0213.191] CloseHandle (hObject=0x394) returned 1 [0213.196] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\EghA ewGW4m.png", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\EghA ewGW4m.png", lpFilePart=0x0) returned 0x44 [0213.196] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\EghA ewGW4m.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\6ormbg\\uoige gfqrzv s\\egha ewgw4m.png")) returned 1 [0213.204] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\hHEWCPQXSzJqw2.gif.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\hHEWCPQXSzJqw2.gif.crypted", lpFilePart=0x0) returned 0x4f [0213.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0213.204] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\hHEWCPQXSzJqw2.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\6ormbg\\uoige gfqrzv s\\hhewcpqxszjqw2.gif.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0213.205] GetFileType (hFile=0x394) returned 0x1 [0213.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0213.206] GetFileType (hFile=0x394) returned 0x1 [0215.053] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\hHEWCPQXSzJqw2.gif", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\hHEWCPQXSzJqw2.gif", lpFilePart=0x0) returned 0x47 [0215.053] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0215.053] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\hHEWCPQXSzJqw2.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\6ormbg\\uoige gfqrzv s\\hhewcpqxszjqw2.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0215.054] GetFileType (hFile=0x358) returned 0x1 [0215.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0215.054] GetFileType (hFile=0x358) returned 0x1 [0215.057] ReadFile (in: hFile=0x358, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19ef40*=0x17515, lpOverlapped=0x0) returned 1 [0215.116] WriteFile (in: hFile=0x394, lpBuffer=0x2371074*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x2371074*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0215.118] WriteFile (in: hFile=0x394, lpBuffer=0x3526da8*, nNumberOfBytesToWrite=0x16530, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x3526da8*, lpNumberOfBytesWritten=0x19ef18*=0x16530, lpOverlapped=0x0) returned 1 [0215.121] ReadFile (in: hFile=0x358, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0215.121] CloseHandle (hObject=0x358) returned 1 [0215.122] WriteFile (in: hFile=0x394, lpBuffer=0x2371074*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x2371074*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0215.122] CloseHandle (hObject=0x394) returned 1 [0215.134] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\hHEWCPQXSzJqw2.gif", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\hHEWCPQXSzJqw2.gif", lpFilePart=0x0) returned 0x47 [0215.134] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\hHEWCPQXSzJqw2.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\6ormbg\\uoige gfqrzv s\\hhewcpqxszjqw2.gif")) returned 1 [0215.176] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\lBRcwvvbG mc7v.png.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\lBRcwvvbG mc7v.png.crypted", lpFilePart=0x0) returned 0x4f [0215.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0215.176] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\lBRcwvvbG mc7v.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\6ormbg\\uoige gfqrzv s\\lbrcwvvbg mc7v.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0215.177] GetFileType (hFile=0x394) returned 0x1 [0215.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0215.177] GetFileType (hFile=0x394) returned 0x1 [0217.324] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\lBRcwvvbG mc7v.png", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\lBRcwvvbG mc7v.png", lpFilePart=0x0) returned 0x47 [0217.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0217.325] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\lBRcwvvbG mc7v.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\6ormbg\\uoige gfqrzv s\\lbrcwvvbg mc7v.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0217.325] GetFileType (hFile=0x358) returned 0x1 [0217.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0217.325] GetFileType (hFile=0x358) returned 0x1 [0217.329] ReadFile (in: hFile=0x358, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19ef40*=0xda95, lpOverlapped=0x0) returned 1 [0217.344] WriteFile (in: hFile=0x394, lpBuffer=0x2454270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x2454270*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0217.346] WriteFile (in: hFile=0x394, lpBuffer=0x24567e4*, nNumberOfBytesToWrite=0xcab0, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x24567e4*, lpNumberOfBytesWritten=0x19ef18*=0xcab0, lpOverlapped=0x0) returned 1 [0217.347] ReadFile (in: hFile=0x358, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0217.347] CloseHandle (hObject=0x358) returned 1 [0217.348] WriteFile (in: hFile=0x394, lpBuffer=0x2454270*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x2454270*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0217.348] CloseHandle (hObject=0x394) returned 1 [0217.350] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\lBRcwvvbG mc7v.png", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\lBRcwvvbG mc7v.png", lpFilePart=0x0) returned 0x47 [0217.351] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\lBRcwvvbG mc7v.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\6ormbg\\uoige gfqrzv s\\lbrcwvvbg mc7v.png")) returned 1 [0217.357] CryptGenRandom (in: hProv=0x8a29e8, dwLen=0x20, pbBuffer=0x7fa01a8 | out: pbBuffer=0x7fa01a8) returned 1 [0217.357] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\_iiP8T0MRXllm1tfjbq.jpg.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\_iiP8T0MRXllm1tfjbq.jpg.crypted", lpFilePart=0x0) returned 0x54 [0217.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0217.357] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\_iiP8T0MRXllm1tfjbq.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\6ormbg\\uoige gfqrzv s\\_iip8t0mrxllm1tfjbq.jpg.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0217.358] GetFileType (hFile=0x394) returned 0x1 [0217.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0217.358] GetFileType (hFile=0x394) returned 0x1 [0218.847] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\_iiP8T0MRXllm1tfjbq.jpg", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\_iiP8T0MRXllm1tfjbq.jpg", lpFilePart=0x0) returned 0x4c [0218.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0218.847] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\_iiP8T0MRXllm1tfjbq.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\6ormbg\\uoige gfqrzv s\\_iip8t0mrxllm1tfjbq.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0218.847] GetFileType (hFile=0x358) returned 0x1 [0218.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0218.847] GetFileType (hFile=0x358) returned 0x1 [0218.851] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef40*=0x5015, lpOverlapped=0x0) returned 1 [0218.865] WriteFile (in: hFile=0x394, lpBuffer=0x23475cc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x23475cc*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0218.867] WriteFile (in: hFile=0x394, lpBuffer=0x2349b54*, nNumberOfBytesToWrite=0x4030, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x2349b54*, lpNumberOfBytesWritten=0x19ef18*=0x4030, lpOverlapped=0x0) returned 1 [0218.867] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0218.867] CloseHandle (hObject=0x358) returned 1 [0218.868] WriteFile (in: hFile=0x394, lpBuffer=0x23475cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x23475cc*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0218.868] CloseHandle (hObject=0x394) returned 1 [0218.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\_iiP8T0MRXllm1tfjbq.jpg", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\_iiP8T0MRXllm1tfjbq.jpg", lpFilePart=0x0) returned 0x4c [0218.870] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\_iiP8T0MRXllm1tfjbq.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\6ormbg\\uoige gfqrzv s\\_iip8t0mrxllm1tfjbq.jpg")) returned 1 [0218.873] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef88) returned 1 [0218.873] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S", nBufferLength=0x105, lpBuffer=0x19ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S", lpFilePart=0x0) returned 0x34 [0218.873] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\", nBufferLength=0x105, lpBuffer=0x19ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\", lpFilePart=0x0) returned 0x35 [0218.873] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\6oRmBG\\uOigE gFQrZv S\\*", lpFindFileData=0x19ecb0 | out: lpFindFileData=0x19ecb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a167d10, ftCreationTime.dwHighDateTime=0x1d703e6, ftLastAccessTime.dwLowDateTime=0x9fd8d410, ftLastAccessTime.dwHighDateTime=0x1d70493, ftLastWriteTime.dwLowDateTime=0xa93db8dd, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a78b0 [0218.874] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a167d10, ftCreationTime.dwHighDateTime=0x1d703e6, ftLastAccessTime.dwLowDateTime=0x9fd8d410, ftLastAccessTime.dwHighDateTime=0x1d70493, ftLastWriteTime.dwLowDateTime=0xa93db8dd, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0218.875] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4b8aa7c, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa4b8aa7c, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa5dbb12f, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x6790, dwReserved0=0x0, dwReserved1=0x0, cFileName="EghA ewGW4m.png.crypted", cAlternateFileName="EGHAEW~1.CRY")) returned 1 [0218.875] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5dd0ac6, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa5dd0ac6, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa7030085, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x17540, dwReserved0=0x0, dwReserved1=0x0, cFileName="hHEWCPQXSzJqw2.gif.crypted", cAlternateFileName="HHEWCP~1.CRY")) returned 1 [0218.875] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa709eef1, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa709eef1, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa855a7e0, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xdac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lBRcwvvbG mc7v.png.crypted", cAlternateFileName="LBRCWV~1.CRY")) returned 1 [0218.876] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa856c708, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa856c708, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa93d85b6, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x5040, dwReserved0=0x0, dwReserved1=0x0, cFileName="_iiP8T0MRXllm1tfjbq.jpg.crypted", cAlternateFileName="_IIP8T~1.CRY")) returned 1 [0218.876] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa856c708, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa856c708, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xa93d85b6, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x5040, dwReserved0=0x0, dwReserved1=0x0, cFileName="_iiP8T0MRXllm1tfjbq.jpg.crypted", cAlternateFileName="_IIP8T~1.CRY")) returned 0 [0218.876] FindClose (in: hFindFile=0x8a78b0 | out: hFindFile=0x8a78b0) returned 1 [0218.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef48) returned 1 [0218.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef54) returned 1 [0218.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0218.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll", lpFilePart=0x0) returned 0x2a [0218.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\", lpFilePart=0x0) returned 0x2b [0218.877] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a73f0 [0218.880] FindNextFileW (in: hFindFile=0x8a73f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0218.880] FindNextFileW (in: hFindFile=0x8a73f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x2b10dbc5, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0218.880] FindNextFileW (in: hFindFile=0x8a73f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0218.880] FindClose (in: hFindFile=0x8a73f0 | out: hFindFile=0x8a73f0) returned 1 [0218.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0218.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0218.882] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini.crypted", lpFilePart=0x0) returned 0x3e [0218.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0218.882] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\desktop.ini.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0218.883] GetFileType (hFile=0x394) returned 0x1 [0218.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0218.883] GetFileType (hFile=0x394) returned 0x1 [0220.175] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", lpFilePart=0x0) returned 0x36 [0220.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0220.175] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0220.177] GetFileType (hFile=0x358) returned 0x1 [0220.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0220.177] GetFileType (hFile=0x358) returned 0x1 [0220.181] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef74*=0xbe, lpOverlapped=0x0) returned 1 [0220.192] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0220.193] CloseHandle (hObject=0x358) returned 1 [0220.193] WriteFile (in: hFile=0x394, lpBuffer=0x243128c*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x243128c*, lpNumberOfBytesWritten=0x19ef24*=0xe0, lpOverlapped=0x0) returned 1 [0220.195] CloseHandle (hObject=0x394) returned 1 [0220.196] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", lpFilePart=0x0) returned 0x36 [0220.196] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\desktop.ini")) returned 1 [0220.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0220.198] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll", lpFilePart=0x0) returned 0x2a [0220.198] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\", lpFilePart=0x0) returned 0x2b [0220.200] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0xaa07f0d9, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a75f0 [0220.200] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0xaa07f0d9, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.200] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa93f7adb, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa93f7adb, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xaa07de38, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.crypted", cAlternateFileName="DESKTO~1.CRY")) returned 1 [0220.201] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa93f7adb, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xa93f7adb, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xaa07de38, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.crypted", cAlternateFileName="DESKTO~1.CRY")) returned 0 [0220.201] FindClose (in: hFindFile=0x8a75f0 | out: hFindFile=0x8a75f0) returned 1 [0220.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0220.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0220.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0220.202] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ", lpFilePart=0x0) returned 0x23 [0220.202] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\", lpFilePart=0x0) returned 0x24 [0220.202] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8511580, ftCreationTime.dwHighDateTime=0x1d6ff70, ftLastAccessTime.dwLowDateTime=0xc02eafd0, ftLastAccessTime.dwHighDateTime=0x1d70850, ftLastWriteTime.dwLowDateTime=0xc02eafd0, ftLastWriteTime.dwHighDateTime=0x1d70850, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a75f0 [0220.202] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8511580, ftCreationTime.dwHighDateTime=0x1d6ff70, ftLastAccessTime.dwLowDateTime=0xc02eafd0, ftLastAccessTime.dwHighDateTime=0x1d70850, ftLastWriteTime.dwLowDateTime=0xc02eafd0, ftLastWriteTime.dwHighDateTime=0x1d70850, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.203] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14c10dd0, ftCreationTime.dwHighDateTime=0x1d6fecf, ftLastAccessTime.dwLowDateTime=0x9f9c59d0, ftLastAccessTime.dwHighDateTime=0x1d6ff0d, ftLastWriteTime.dwLowDateTime=0x9f9c59d0, ftLastWriteTime.dwHighDateTime=0x1d6ff0d, nFileSizeHigh=0x0, nFileSizeLow=0xe748, dwReserved0=0x0, dwReserved1=0x0, cFileName="0x80rwEK7GGdZi42.png", cAlternateFileName="0X80RW~1.PNG")) returned 1 [0220.203] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf552d0a0, ftCreationTime.dwHighDateTime=0x1d6fa19, ftLastAccessTime.dwLowDateTime=0xeae75e70, ftLastAccessTime.dwHighDateTime=0x1d704cc, ftLastWriteTime.dwLowDateTime=0xeae75e70, ftLastWriteTime.dwHighDateTime=0x1d704cc, nFileSizeHigh=0x0, nFileSizeLow=0x13470, dwReserved0=0x0, dwReserved1=0x0, cFileName="FW6n2E74XencSxxVQ.gif", cAlternateFileName="FW6N2E~1.GIF")) returned 1 [0220.203] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x489521d0, ftCreationTime.dwHighDateTime=0x1d7048a, ftLastAccessTime.dwLowDateTime=0xcfb61c60, ftLastAccessTime.dwHighDateTime=0x1d70993, ftLastWriteTime.dwLowDateTime=0xcfb61c60, ftLastWriteTime.dwHighDateTime=0x1d70993, nFileSizeHigh=0x0, nFileSizeLow=0x18a94, dwReserved0=0x0, dwReserved1=0x0, cFileName="mwI3GQ.png", cAlternateFileName="")) returned 1 [0220.204] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8ba947c0, ftCreationTime.dwHighDateTime=0x1d6fe64, ftLastAccessTime.dwLowDateTime=0xb04b1dd0, ftLastAccessTime.dwHighDateTime=0x1d7009c, ftLastWriteTime.dwLowDateTime=0xb04b1dd0, ftLastWriteTime.dwHighDateTime=0x1d7009c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WEJFbW0YT", cAlternateFileName="WEJFBW~1")) returned 1 [0220.204] FindNextFileW (in: hFindFile=0x8a75f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8ba947c0, ftCreationTime.dwHighDateTime=0x1d6fe64, ftLastAccessTime.dwLowDateTime=0xb04b1dd0, ftLastAccessTime.dwHighDateTime=0x1d7009c, ftLastWriteTime.dwLowDateTime=0xb04b1dd0, ftLastWriteTime.dwHighDateTime=0x1d7009c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WEJFbW0YT", cAlternateFileName="WEJFBW~1")) returned 0 [0220.204] FindClose (in: hFindFile=0x8a75f0 | out: hFindFile=0x8a75f0) returned 1 [0220.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0220.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0220.206] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\0x80rwEK7GGdZi42.png.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\0x80rwEK7GGdZi42.png.crypted", lpFilePart=0x0) returned 0x40 [0220.207] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0220.207] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\0x80rwEK7GGdZi42.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\0x80rwek7ggdzi42.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0220.207] GetFileType (hFile=0x394) returned 0x1 [0220.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0220.208] GetFileType (hFile=0x394) returned 0x1 [0221.635] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\0x80rwEK7GGdZi42.png", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\0x80rwEK7GGdZi42.png", lpFilePart=0x0) returned 0x38 [0221.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0221.635] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\0x80rwEK7GGdZi42.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\0x80rwek7ggdzi42.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0221.635] GetFileType (hFile=0x358) returned 0x1 [0221.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0221.635] GetFileType (hFile=0x358) returned 0x1 [0221.638] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19ef74*=0xe748, lpOverlapped=0x0) returned 1 [0221.651] WriteFile (in: hFile=0x394, lpBuffer=0x2315ccc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x2315ccc*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0221.652] WriteFile (in: hFile=0x394, lpBuffer=0x2318228*, nNumberOfBytesToWrite=0xd760, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x2318228*, lpNumberOfBytesWritten=0x19ef4c*=0xd760, lpOverlapped=0x0) returned 1 [0221.653] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0221.654] CloseHandle (hObject=0x358) returned 1 [0221.654] WriteFile (in: hFile=0x394, lpBuffer=0x2315ccc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x2315ccc*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0221.654] CloseHandle (hObject=0x394) returned 1 [0221.657] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\0x80rwEK7GGdZi42.png", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\0x80rwEK7GGdZi42.png", lpFilePart=0x0) returned 0x38 [0221.657] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\0x80rwEK7GGdZi42.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\0x80rwek7ggdzi42.png")) returned 1 [0221.662] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\FW6n2E74XencSxxVQ.gif.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\FW6n2E74XencSxxVQ.gif.crypted", lpFilePart=0x0) returned 0x41 [0221.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0221.662] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\FW6n2E74XencSxxVQ.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\fw6n2e74xencsxxvq.gif.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0221.663] GetFileType (hFile=0x394) returned 0x1 [0221.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0221.663] GetFileType (hFile=0x394) returned 0x1 [0223.171] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\FW6n2E74XencSxxVQ.gif", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\FW6n2E74XencSxxVQ.gif", lpFilePart=0x0) returned 0x39 [0223.171] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0223.171] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\FW6n2E74XencSxxVQ.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\fw6n2e74xencsxxvq.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0223.173] GetFileType (hFile=0x358) returned 0x1 [0223.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0223.173] GetFileType (hFile=0x358) returned 0x1 [0223.176] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef74*=0x13470, lpOverlapped=0x0) returned 1 [0223.187] WriteFile (in: hFile=0x394, lpBuffer=0x2408afc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x2408afc*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0223.189] WriteFile (in: hFile=0x394, lpBuffer=0x240b058*, nNumberOfBytesToWrite=0x12490, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x240b058*, lpNumberOfBytesWritten=0x19ef4c*=0x12490, lpOverlapped=0x0) returned 1 [0223.191] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0223.191] CloseHandle (hObject=0x358) returned 1 [0223.192] WriteFile (in: hFile=0x394, lpBuffer=0x2408afc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x2408afc*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0223.192] CloseHandle (hObject=0x394) returned 1 [0223.196] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\FW6n2E74XencSxxVQ.gif", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\FW6n2E74XencSxxVQ.gif", lpFilePart=0x0) returned 0x39 [0223.196] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\FW6n2E74XencSxxVQ.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\fw6n2e74xencsxxvq.gif")) returned 1 [0223.203] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\mwI3GQ.png.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\mwI3GQ.png.crypted", lpFilePart=0x0) returned 0x36 [0223.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0223.203] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\mwI3GQ.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\mwi3gq.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0223.205] GetFileType (hFile=0x394) returned 0x1 [0223.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0223.205] GetFileType (hFile=0x394) returned 0x1 [0224.754] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\mwI3GQ.png", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\mwI3GQ.png", lpFilePart=0x0) returned 0x2e [0224.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0224.754] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\mwI3GQ.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\mwi3gq.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0224.756] GetFileType (hFile=0x358) returned 0x1 [0224.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0224.756] GetFileType (hFile=0x358) returned 0x1 [0224.758] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef74*=0x18a94, lpOverlapped=0x0) returned 1 [0224.778] WriteFile (in: hFile=0x394, lpBuffer=0x23014bc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x23014bc*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0224.780] WriteFile (in: hFile=0x394, lpBuffer=0x3611568*, nNumberOfBytesToWrite=0x17ab0, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x3611568*, lpNumberOfBytesWritten=0x19ef4c*=0x17ab0, lpOverlapped=0x0) returned 1 [0224.783] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0224.783] CloseHandle (hObject=0x358) returned 1 [0224.784] WriteFile (in: hFile=0x394, lpBuffer=0x23014bc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x23014bc*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0224.784] CloseHandle (hObject=0x394) returned 1 [0224.795] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\mwI3GQ.png", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\mwI3GQ.png", lpFilePart=0x0) returned 0x2e [0224.795] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\mwI3GQ.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\mwi3gq.png")) returned 1 [0224.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0224.800] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ", lpFilePart=0x0) returned 0x23 [0224.800] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\", lpFilePart=0x0) returned 0x24 [0224.801] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8511580, ftCreationTime.dwHighDateTime=0x1d6ff70, ftLastAccessTime.dwLowDateTime=0xc02eafd0, ftLastAccessTime.dwHighDateTime=0x1d70850, ftLastWriteTime.dwLowDateTime=0xacc61358, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a78b0 [0224.802] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8511580, ftCreationTime.dwHighDateTime=0x1d6ff70, ftLastAccessTime.dwLowDateTime=0xc02eafd0, ftLastAccessTime.dwHighDateTime=0x1d70850, ftLastWriteTime.dwLowDateTime=0xacc61358, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.803] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa098a85, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xaa098a85, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xaae6bdb2, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xe770, dwReserved0=0x0, dwReserved1=0x0, cFileName="0x80rwEK7GGdZi42.png.crypted", cAlternateFileName="0X80RW~1.CRY")) returned 1 [0224.803] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaae7b0fc, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xaae7b0fc, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xabd17efb, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x134a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FW6n2E74XencSxxVQ.gif.crypted", cAlternateFileName="FW6N2E~1.CRY")) returned 1 [0224.803] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabd2ce2a, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xabd2ce2a, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xacc58a3d, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x18ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mwI3GQ.png.crypted", cAlternateFileName="MWI3GQ~1.CRY")) returned 1 [0224.803] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8ba947c0, ftCreationTime.dwHighDateTime=0x1d6fe64, ftLastAccessTime.dwLowDateTime=0xb04b1dd0, ftLastAccessTime.dwHighDateTime=0x1d7009c, ftLastWriteTime.dwLowDateTime=0xb04b1dd0, ftLastWriteTime.dwHighDateTime=0x1d7009c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WEJFbW0YT", cAlternateFileName="WEJFBW~1")) returned 1 [0224.804] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.804] FindClose (in: hFindFile=0x8a78b0 | out: hFindFile=0x8a78b0) returned 1 [0224.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0224.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0224.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef88) returned 1 [0224.805] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT", nBufferLength=0x105, lpBuffer=0x19ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT", lpFilePart=0x0) returned 0x2d [0224.805] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\", nBufferLength=0x105, lpBuffer=0x19ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\", lpFilePart=0x0) returned 0x2e [0224.805] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\*", lpFindFileData=0x19ecb0 | out: lpFindFileData=0x19ecb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8ba947c0, ftCreationTime.dwHighDateTime=0x1d6fe64, ftLastAccessTime.dwLowDateTime=0xb04b1dd0, ftLastAccessTime.dwHighDateTime=0x1d7009c, ftLastWriteTime.dwLowDateTime=0xb04b1dd0, ftLastWriteTime.dwHighDateTime=0x1d7009c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a7270 [0224.806] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8ba947c0, ftCreationTime.dwHighDateTime=0x1d6fe64, ftLastAccessTime.dwLowDateTime=0xb04b1dd0, ftLastAccessTime.dwHighDateTime=0x1d7009c, ftLastWriteTime.dwLowDateTime=0xb04b1dd0, ftLastWriteTime.dwHighDateTime=0x1d7009c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0224.806] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x816ba420, ftCreationTime.dwHighDateTime=0x1d703b8, ftLastAccessTime.dwLowDateTime=0x35640f00, ftLastAccessTime.dwHighDateTime=0x1d707f9, ftLastWriteTime.dwLowDateTime=0x35640f00, ftLastWriteTime.dwHighDateTime=0x1d707f9, nFileSizeHigh=0x0, nFileSizeLow=0xdf43, dwReserved0=0x0, dwReserved1=0x0, cFileName="CulSBRH73xpuIJ.gif", cAlternateFileName="CULSBR~1.GIF")) returned 1 [0224.806] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50c9ad20, ftCreationTime.dwHighDateTime=0x1d6fb53, ftLastAccessTime.dwLowDateTime=0xec9b1120, ftLastAccessTime.dwHighDateTime=0x1d6fea6, ftLastWriteTime.dwLowDateTime=0xec9b1120, ftLastWriteTime.dwHighDateTime=0x1d6fea6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LqJnDM9UiX9y__", cAlternateFileName="LQJNDM~1")) returned 1 [0224.807] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4541e20, ftCreationTime.dwHighDateTime=0x1d7069e, ftLastAccessTime.dwLowDateTime=0xc9c62070, ftLastAccessTime.dwHighDateTime=0x1d70772, ftLastWriteTime.dwLowDateTime=0xc9c62070, ftLastWriteTime.dwHighDateTime=0x1d70772, nFileSizeHigh=0x0, nFileSizeLow=0x6b2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="qa qscB7dEB68md.jpg", cAlternateFileName="QAQSCB~1.JPG")) returned 1 [0224.807] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f3cf4e0, ftCreationTime.dwHighDateTime=0x1d6fa77, ftLastAccessTime.dwLowDateTime=0x84bd990, ftLastAccessTime.dwHighDateTime=0x1d704fb, ftLastWriteTime.dwLowDateTime=0x84bd990, ftLastWriteTime.dwHighDateTime=0x1d704fb, nFileSizeHigh=0x0, nFileSizeLow=0xb6a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="qpgifz.png", cAlternateFileName="")) returned 1 [0224.807] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x125b8b90, ftCreationTime.dwHighDateTime=0x1d6fd87, ftLastAccessTime.dwLowDateTime=0xb5f19810, ftLastAccessTime.dwHighDateTime=0x1d70446, ftLastWriteTime.dwLowDateTime=0xb5f19810, ftLastWriteTime.dwHighDateTime=0x1d70446, nFileSizeHigh=0x0, nFileSizeLow=0x5626, dwReserved0=0x0, dwReserved1=0x0, cFileName="vjctOsc 9.png", cAlternateFileName="VJCTOS~1.PNG")) returned 1 [0224.807] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde2e8360, ftCreationTime.dwHighDateTime=0x1d70356, ftLastAccessTime.dwLowDateTime=0xb3287900, ftLastAccessTime.dwHighDateTime=0x1d70522, ftLastWriteTime.dwLowDateTime=0xb3287900, ftLastWriteTime.dwHighDateTime=0x1d70522, nFileSizeHigh=0x0, nFileSizeLow=0x9a62, dwReserved0=0x0, dwReserved1=0x0, cFileName="_ZeJwDnDxE -.png", cAlternateFileName="_ZEJWD~1.PNG")) returned 1 [0224.808] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0224.808] FindClose (in: hFindFile=0x8a7270 | out: hFindFile=0x8a7270) returned 1 [0224.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef48) returned 1 [0224.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef54) returned 1 [0224.810] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\CulSBRH73xpuIJ.gif.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\CulSBRH73xpuIJ.gif.crypted", lpFilePart=0x0) returned 0x48 [0224.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0224.810] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\CulSBRH73xpuIJ.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\culsbrh73xpuij.gif.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0224.811] GetFileType (hFile=0x394) returned 0x1 [0224.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0224.811] GetFileType (hFile=0x394) returned 0x1 [0226.696] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\CulSBRH73xpuIJ.gif", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\CulSBRH73xpuIJ.gif", lpFilePart=0x0) returned 0x40 [0226.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0226.697] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\CulSBRH73xpuIJ.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\culsbrh73xpuij.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0226.698] GetFileType (hFile=0x358) returned 0x1 [0226.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0226.698] GetFileType (hFile=0x358) returned 0x1 [0226.701] ReadFile (in: hFile=0x358, lpBuffer=0x3629038, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3629038*, lpNumberOfBytesRead=0x19ef40*=0xdf43, lpOverlapped=0x0) returned 1 [0226.722] WriteFile (in: hFile=0x394, lpBuffer=0x23e6c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x23e6c30*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0226.724] WriteFile (in: hFile=0x394, lpBuffer=0x23e9198*, nNumberOfBytesToWrite=0xcf60, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x23e9198*, lpNumberOfBytesWritten=0x19ef18*=0xcf60, lpOverlapped=0x0) returned 1 [0226.726] ReadFile (in: hFile=0x358, lpBuffer=0x3629038, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3629038*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0226.726] CloseHandle (hObject=0x358) returned 1 [0226.726] WriteFile (in: hFile=0x394, lpBuffer=0x23e6c30*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x23e6c30*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0226.727] CloseHandle (hObject=0x394) returned 1 [0226.733] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\CulSBRH73xpuIJ.gif", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\CulSBRH73xpuIJ.gif", lpFilePart=0x0) returned 0x40 [0226.733] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\CulSBRH73xpuIJ.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\culsbrh73xpuij.gif")) returned 1 [0226.738] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qa qscB7dEB68md.jpg.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qa qscB7dEB68md.jpg.crypted", lpFilePart=0x0) returned 0x49 [0226.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0226.738] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qa qscB7dEB68md.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\qa qscb7deb68md.jpg.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0226.739] GetFileType (hFile=0x394) returned 0x1 [0226.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0226.740] GetFileType (hFile=0x394) returned 0x1 [0228.373] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qa qscB7dEB68md.jpg", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qa qscB7dEB68md.jpg", lpFilePart=0x0) returned 0x41 [0228.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0228.373] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qa qscB7dEB68md.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\qa qscb7deb68md.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0228.375] GetFileType (hFile=0x358) returned 0x1 [0228.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0228.375] GetFileType (hFile=0x358) returned 0x1 [0228.381] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef40*=0x6b2e, lpOverlapped=0x0) returned 1 [0228.398] WriteFile (in: hFile=0x394, lpBuffer=0x24d7b70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x24d7b70*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0228.403] WriteFile (in: hFile=0x394, lpBuffer=0x24da0d8*, nNumberOfBytesToWrite=0x5b40, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x24da0d8*, lpNumberOfBytesWritten=0x19ef18*=0x5b40, lpOverlapped=0x0) returned 1 [0228.405] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0228.405] CloseHandle (hObject=0x358) returned 1 [0228.405] WriteFile (in: hFile=0x394, lpBuffer=0x24d7b70*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x24d7b70*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0228.406] CloseHandle (hObject=0x394) returned 1 [0230.465] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qa qscB7dEB68md.jpg", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qa qscB7dEB68md.jpg", lpFilePart=0x0) returned 0x41 [0230.465] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qa qscB7dEB68md.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\qa qscb7deb68md.jpg")) returned 1 [0230.473] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qpgifz.png.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qpgifz.png.crypted", lpFilePart=0x0) returned 0x40 [0230.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0230.473] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qpgifz.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\qpgifz.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0230.475] GetFileType (hFile=0x394) returned 0x1 [0230.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0230.475] GetFileType (hFile=0x394) returned 0x1 [0232.085] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qpgifz.png", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qpgifz.png", lpFilePart=0x0) returned 0x38 [0232.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0232.085] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qpgifz.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\qpgifz.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0232.086] GetFileType (hFile=0x358) returned 0x1 [0232.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0232.086] GetFileType (hFile=0x358) returned 0x1 [0232.089] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef40*=0xb6a5, lpOverlapped=0x0) returned 1 [0232.106] WriteFile (in: hFile=0x394, lpBuffer=0x23c1c44*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x23c1c44*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0232.108] WriteFile (in: hFile=0x394, lpBuffer=0x23c418c*, nNumberOfBytesToWrite=0xa6c0, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x23c418c*, lpNumberOfBytesWritten=0x19ef18*=0xa6c0, lpOverlapped=0x0) returned 1 [0232.109] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0232.109] CloseHandle (hObject=0x358) returned 1 [0232.110] WriteFile (in: hFile=0x394, lpBuffer=0x23c1c44*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x23c1c44*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0232.110] CloseHandle (hObject=0x394) returned 1 [0232.118] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qpgifz.png", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qpgifz.png", lpFilePart=0x0) returned 0x38 [0232.119] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\qpgifz.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\qpgifz.png")) returned 1 [0232.122] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\vjctOsc 9.png.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\vjctOsc 9.png.crypted", lpFilePart=0x0) returned 0x43 [0232.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0232.123] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\vjctOsc 9.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\vjctosc 9.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0232.123] GetFileType (hFile=0x394) returned 0x1 [0232.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0232.123] GetFileType (hFile=0x394) returned 0x1 [0233.712] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\vjctOsc 9.png", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\vjctOsc 9.png", lpFilePart=0x0) returned 0x3b [0233.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0233.713] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\vjctOsc 9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\vjctosc 9.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0233.713] GetFileType (hFile=0x358) returned 0x1 [0233.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0233.713] GetFileType (hFile=0x358) returned 0x1 [0233.717] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19ef40*=0x5626, lpOverlapped=0x0) returned 1 [0233.729] WriteFile (in: hFile=0x394, lpBuffer=0x24b0918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x24b0918*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0233.731] WriteFile (in: hFile=0x394, lpBuffer=0x24b2e68*, nNumberOfBytesToWrite=0x4640, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x24b2e68*, lpNumberOfBytesWritten=0x19ef18*=0x4640, lpOverlapped=0x0) returned 1 [0233.732] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0233.732] CloseHandle (hObject=0x358) returned 1 [0233.732] WriteFile (in: hFile=0x394, lpBuffer=0x24b0918*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x24b0918*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0233.732] CloseHandle (hObject=0x394) returned 1 [0233.737] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\vjctOsc 9.png", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\vjctOsc 9.png", lpFilePart=0x0) returned 0x3b [0233.737] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\vjctOsc 9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\vjctosc 9.png")) returned 1 [0233.743] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\_ZeJwDnDxE -.png.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\_ZeJwDnDxE -.png.crypted", lpFilePart=0x0) returned 0x46 [0233.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0233.743] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\_ZeJwDnDxE -.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\_zejwdndxe -.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0233.744] GetFileType (hFile=0x394) returned 0x1 [0233.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0233.744] GetFileType (hFile=0x394) returned 0x1 [0235.203] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\_ZeJwDnDxE -.png", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\_ZeJwDnDxE -.png", lpFilePart=0x0) returned 0x3e [0235.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0235.203] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\_ZeJwDnDxE -.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\_zejwdndxe -.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0235.204] GetFileType (hFile=0x358) returned 0x1 [0235.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0235.205] GetFileType (hFile=0x358) returned 0x1 [0235.209] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef40*=0x9a62, lpOverlapped=0x0) returned 1 [0235.230] WriteFile (in: hFile=0x394, lpBuffer=0x23996e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x23996e0*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0235.231] WriteFile (in: hFile=0x394, lpBuffer=0x239bc40*, nNumberOfBytesToWrite=0x8a80, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x239bc40*, lpNumberOfBytesWritten=0x19ef18*=0x8a80, lpOverlapped=0x0) returned 1 [0235.233] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0235.233] CloseHandle (hObject=0x358) returned 1 [0235.233] WriteFile (in: hFile=0x394, lpBuffer=0x23996e0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x23996e0*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0235.233] CloseHandle (hObject=0x394) returned 1 [0235.272] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\_ZeJwDnDxE -.png", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\_ZeJwDnDxE -.png", lpFilePart=0x0) returned 0x3e [0235.272] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\_ZeJwDnDxE -.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\_zejwdndxe -.png")) returned 1 [0235.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef88) returned 1 [0235.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT", nBufferLength=0x105, lpBuffer=0x19ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT", lpFilePart=0x0) returned 0x2d [0235.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\", nBufferLength=0x105, lpBuffer=0x19ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\", lpFilePart=0x0) returned 0x2e [0235.275] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\*", lpFindFileData=0x19ecb0 | out: lpFindFileData=0x19ecb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8ba947c0, ftCreationTime.dwHighDateTime=0x1d6fe64, ftLastAccessTime.dwLowDateTime=0xb04b1dd0, ftLastAccessTime.dwHighDateTime=0x1d7009c, ftLastWriteTime.dwLowDateTime=0xb304761e, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a78b0 [0235.276] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8ba947c0, ftCreationTime.dwHighDateTime=0x1d6fe64, ftLastAccessTime.dwLowDateTime=0xb04b1dd0, ftLastAccessTime.dwHighDateTime=0x1d7009c, ftLastWriteTime.dwLowDateTime=0xb304761e, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.276] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xacc7fc05, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xacc7fc05, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xaded3fcb, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xdf70, dwReserved0=0x0, dwReserved1=0x0, cFileName="CulSBRH73xpuIJ.gif.crypted", cAlternateFileName="CULSBR~1.CRY")) returned 1 [0235.276] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50c9ad20, ftCreationTime.dwHighDateTime=0x1d6fb53, ftLastAccessTime.dwLowDateTime=0xec9b1120, ftLastAccessTime.dwHighDateTime=0x1d6fea6, ftLastWriteTime.dwLowDateTime=0xec9b1120, ftLastWriteTime.dwHighDateTime=0x1d6fea6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LqJnDM9UiX9y__", cAlternateFileName="LQJNDM~1")) returned 1 [0235.277] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadee3d4b, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xadee3d4b, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb0269c49, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x6b50, dwReserved0=0x0, dwReserved1=0x0, cFileName="qa qscB7dEB68md.jpg.crypted", cAlternateFileName="QAQSCB~1.CRY")) returned 1 [0235.277] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb02822ee, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb02822ee, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb12308ef, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xb6d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="qpgifz.png.crypted", cAlternateFileName="QPGIFZ~1.CRY")) returned 1 [0235.277] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb123b995, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb123b995, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb21a090a, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x5650, dwReserved0=0x0, dwReserved1=0x0, cFileName="vjctOsc 9.png.crypted", cAlternateFileName="VJCTOS~1.CRY")) returned 1 [0235.277] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb21af90c, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb21af90c, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb3043c9b, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x9a90, dwReserved0=0x0, dwReserved1=0x0, cFileName="_ZeJwDnDxE -.png.crypted", cAlternateFileName="_ZEJWD~1.CRY")) returned 1 [0235.278] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb21af90c, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb21af90c, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb3043c9b, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x9a90, dwReserved0=0x0, dwReserved1=0x0, cFileName="_ZeJwDnDxE -.png.crypted", cAlternateFileName="_ZEJWD~1.CRY")) returned 0 [0235.278] FindClose (in: hFindFile=0x8a78b0 | out: hFindFile=0x8a78b0) returned 1 [0235.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef48) returned 1 [0235.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef54) returned 1 [0235.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef54) returned 1 [0235.278] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__", nBufferLength=0x105, lpBuffer=0x19ea5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__", lpFilePart=0x0) returned 0x3c [0235.279] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\", nBufferLength=0x105, lpBuffer=0x19ea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\", lpFilePart=0x0) returned 0x3d [0235.279] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\*", lpFindFileData=0x19ec7c | out: lpFindFileData=0x19ec7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50c9ad20, ftCreationTime.dwHighDateTime=0x1d6fb53, ftLastAccessTime.dwLowDateTime=0xec9b1120, ftLastAccessTime.dwHighDateTime=0x1d6fea6, ftLastWriteTime.dwLowDateTime=0xec9b1120, ftLastWriteTime.dwHighDateTime=0x1d6fea6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a72f0 [0235.279] FindNextFileW (in: hFindFile=0x8a72f0, lpFindFileData=0x19ec8c | out: lpFindFileData=0x19ec8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50c9ad20, ftCreationTime.dwHighDateTime=0x1d6fb53, ftLastAccessTime.dwLowDateTime=0xec9b1120, ftLastAccessTime.dwHighDateTime=0x1d6fea6, ftLastWriteTime.dwLowDateTime=0xec9b1120, ftLastWriteTime.dwHighDateTime=0x1d6fea6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.279] FindNextFileW (in: hFindFile=0x8a72f0, lpFindFileData=0x19ec8c | out: lpFindFileData=0x19ec8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21748c90, ftCreationTime.dwHighDateTime=0x1d70957, ftLastAccessTime.dwLowDateTime=0x65b6f460, ftLastAccessTime.dwHighDateTime=0x1d709f7, ftLastWriteTime.dwLowDateTime=0x65b6f460, ftLastWriteTime.dwHighDateTime=0x1d709f7, nFileSizeHigh=0x0, nFileSizeLow=0xc166, dwReserved0=0x0, dwReserved1=0x0, cFileName="QTFwbdIShFVlZcj.png", cAlternateFileName="QTFWBD~1.PNG")) returned 1 [0235.280] FindNextFileW (in: hFindFile=0x8a72f0, lpFindFileData=0x19ec8c | out: lpFindFileData=0x19ec8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0235.280] FindClose (in: hFindFile=0x8a72f0 | out: hFindFile=0x8a72f0) returned 1 [0235.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef14) returned 1 [0235.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef20) returned 1 [0235.281] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\QTFwbdIShFVlZcj.png.crypted", nBufferLength=0x105, lpBuffer=0x19e958, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\QTFwbdIShFVlZcj.png.crypted", lpFilePart=0x0) returned 0x58 [0235.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee4c) returned 1 [0235.282] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\QTFwbdIShFVlZcj.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\lqjndm9uix9y__\\qtfwbdishfvlzcj.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0235.282] GetFileType (hFile=0x394) returned 0x1 [0235.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee48) returned 1 [0235.282] GetFileType (hFile=0x394) returned 0x1 [0236.996] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\QTFwbdIShFVlZcj.png", nBufferLength=0x105, lpBuffer=0x19e958, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\QTFwbdIShFVlZcj.png", lpFilePart=0x0) returned 0x50 [0236.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee4c) returned 1 [0236.997] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\QTFwbdIShFVlZcj.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\lqjndm9uix9y__\\qtfwbdishfvlzcj.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0236.997] GetFileType (hFile=0x358) returned 0x1 [0236.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee48) returned 1 [0236.998] GetFileType (hFile=0x358) returned 0x1 [0237.001] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef0c, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef0c*=0xc166, lpOverlapped=0x0) returned 1 [0237.018] WriteFile (in: hFile=0x394, lpBuffer=0x2488674*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19eee4, lpOverlapped=0x0 | out: lpBuffer=0x2488674*, lpNumberOfBytesWritten=0x19eee4*=0x1000, lpOverlapped=0x0) returned 1 [0237.021] WriteFile (in: hFile=0x394, lpBuffer=0x248abfc*, nNumberOfBytesToWrite=0xb180, lpNumberOfBytesWritten=0x19eee4, lpOverlapped=0x0 | out: lpBuffer=0x248abfc*, lpNumberOfBytesWritten=0x19eee4*=0xb180, lpOverlapped=0x0) returned 1 [0237.023] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef0c, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef0c*=0x0, lpOverlapped=0x0) returned 1 [0237.023] CloseHandle (hObject=0x358) returned 1 [0237.023] WriteFile (in: hFile=0x394, lpBuffer=0x2488674*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eebc, lpOverlapped=0x0 | out: lpBuffer=0x2488674*, lpNumberOfBytesWritten=0x19eebc*=0x10, lpOverlapped=0x0) returned 1 [0237.024] CloseHandle (hObject=0x394) returned 1 [0237.030] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\QTFwbdIShFVlZcj.png", nBufferLength=0x105, lpBuffer=0x19ea4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\QTFwbdIShFVlZcj.png", lpFilePart=0x0) returned 0x50 [0237.030] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\QTFwbdIShFVlZcj.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ddsj\\wejfbw0yt\\lqjndm9uix9y__\\qtfwbdishfvlzcj.png")) returned 1 [0237.033] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef54) returned 1 [0237.033] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__", nBufferLength=0x105, lpBuffer=0x19ea5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__", lpFilePart=0x0) returned 0x3c [0237.033] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\", nBufferLength=0x105, lpBuffer=0x19ea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\", lpFilePart=0x0) returned 0x3d [0237.034] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ddsJ\\WEJFbW0YT\\LqJnDM9UiX9y__\\*", lpFindFileData=0x19ec7c | out: lpFindFileData=0x19ec7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50c9ad20, ftCreationTime.dwHighDateTime=0x1d6fb53, ftLastAccessTime.dwLowDateTime=0xec9b1120, ftLastAccessTime.dwHighDateTime=0x1d6fea6, ftLastWriteTime.dwLowDateTime=0xb410c21e, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a76f0 [0237.034] FindNextFileW (in: hFindFile=0x8a76f0, lpFindFileData=0x19ec8c | out: lpFindFileData=0x19ec8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50c9ad20, ftCreationTime.dwHighDateTime=0x1d6fb53, ftLastAccessTime.dwLowDateTime=0xec9b1120, ftLastAccessTime.dwHighDateTime=0x1d6fea6, ftLastWriteTime.dwLowDateTime=0xb410c21e, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0237.035] FindNextFileW (in: hFindFile=0x8a76f0, lpFindFileData=0x19ec8c | out: lpFindFileData=0x19ec8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb305c252, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb305c252, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb41074ca, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xc190, dwReserved0=0x0, dwReserved1=0x0, cFileName="QTFwbdIShFVlZcj.png.crypted", cAlternateFileName="QTFWBD~1.CRY")) returned 1 [0237.035] FindNextFileW (in: hFindFile=0x8a76f0, lpFindFileData=0x19ec8c | out: lpFindFileData=0x19ec8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb305c252, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb305c252, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb41074ca, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xc190, dwReserved0=0x0, dwReserved1=0x0, cFileName="QTFwbdIShFVlZcj.png.crypted", cAlternateFileName="QTFWBD~1.CRY")) returned 0 [0237.035] FindClose (in: hFindFile=0x8a76f0 | out: hFindFile=0x8a76f0) returned 1 [0237.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef14) returned 1 [0237.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef20) returned 1 [0237.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0237.035] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2", lpFilePart=0x0) returned 0x26 [0237.036] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\", lpFilePart=0x0) returned 0x27 [0237.036] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6de148f0, ftCreationTime.dwHighDateTime=0x1d70783, ftLastAccessTime.dwLowDateTime=0x741b08c0, ftLastAccessTime.dwHighDateTime=0x1d707db, ftLastWriteTime.dwLowDateTime=0x741b08c0, ftLastWriteTime.dwHighDateTime=0x1d707db, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a7270 [0237.036] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6de148f0, ftCreationTime.dwHighDateTime=0x1d70783, ftLastAccessTime.dwLowDateTime=0x741b08c0, ftLastAccessTime.dwHighDateTime=0x1d707db, ftLastWriteTime.dwLowDateTime=0x741b08c0, ftLastWriteTime.dwHighDateTime=0x1d707db, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0237.037] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa89eaf60, ftCreationTime.dwHighDateTime=0x1d705cf, ftLastAccessTime.dwLowDateTime=0x8efdbf00, ftLastAccessTime.dwHighDateTime=0x1d707dd, ftLastWriteTime.dwLowDateTime=0x8efdbf00, ftLastWriteTime.dwHighDateTime=0x1d707dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="7f8H_D0pzn", cAlternateFileName="7F8H_D~1")) returned 1 [0237.037] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e2844e0, ftCreationTime.dwHighDateTime=0x1d6ff64, ftLastAccessTime.dwLowDateTime=0xc232d4d0, ftLastAccessTime.dwHighDateTime=0x1d7096f, ftLastWriteTime.dwLowDateTime=0xc232d4d0, ftLastWriteTime.dwHighDateTime=0x1d7096f, nFileSizeHigh=0x0, nFileSizeLow=0xcdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="e0M5eKRs.bmp", cAlternateFileName="")) returned 1 [0237.037] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x284b93e0, ftCreationTime.dwHighDateTime=0x1d6ff95, ftLastAccessTime.dwLowDateTime=0xb4209730, ftLastAccessTime.dwHighDateTime=0x1d7030a, ftLastWriteTime.dwLowDateTime=0xb4209730, ftLastWriteTime.dwHighDateTime=0x1d7030a, nFileSizeHigh=0x0, nFileSizeLow=0x11315, dwReserved0=0x0, dwReserved1=0x0, cFileName="px_OI5y_g2.png", cAlternateFileName="PX_OI5~1.PNG")) returned 1 [0237.038] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb86e6bd0, ftCreationTime.dwHighDateTime=0x1d7042e, ftLastAccessTime.dwLowDateTime=0xa766de20, ftLastAccessTime.dwHighDateTime=0x1d7063c, ftLastWriteTime.dwLowDateTime=0xa766de20, ftLastWriteTime.dwHighDateTime=0x1d7063c, nFileSizeHigh=0x0, nFileSizeLow=0x16154, dwReserved0=0x0, dwReserved1=0x0, cFileName="r4-BrEBkg1m4C8DiC.bmp", cAlternateFileName="R4-BRE~1.BMP")) returned 1 [0237.038] FindNextFileW (in: hFindFile=0x8a7270, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0237.038] FindClose (in: hFindFile=0x8a7270 | out: hFindFile=0x8a7270) returned 1 [0237.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0237.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0237.040] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\e0M5eKRs.bmp.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\e0M5eKRs.bmp.crypted", lpFilePart=0x0) returned 0x3b [0237.041] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0237.041] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\e0M5eKRs.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\e0m5ekrs.bmp.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0237.041] GetFileType (hFile=0x394) returned 0x1 [0237.041] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0237.041] GetFileType (hFile=0x394) returned 0x1 [0238.845] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\e0M5eKRs.bmp", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\e0M5eKRs.bmp", lpFilePart=0x0) returned 0x33 [0238.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0238.845] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\e0M5eKRs.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\e0m5ekrs.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0238.847] GetFileType (hFile=0x358) returned 0x1 [0238.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0238.847] GetFileType (hFile=0x358) returned 0x1 [0238.882] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19ef74*=0xcdf, lpOverlapped=0x0) returned 1 [0238.955] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0238.955] CloseHandle (hObject=0x358) returned 1 [0238.955] WriteFile (in: hFile=0x394, lpBuffer=0x23798c8*, nNumberOfBytesToWrite=0xd00, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x23798c8*, lpNumberOfBytesWritten=0x19ef24*=0xd00, lpOverlapped=0x0) returned 1 [0238.957] CloseHandle (hObject=0x394) returned 1 [0238.960] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\e0M5eKRs.bmp", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\e0M5eKRs.bmp", lpFilePart=0x0) returned 0x33 [0238.960] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\e0M5eKRs.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\e0m5ekrs.bmp")) returned 1 [0238.966] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\px_OI5y_g2.png.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\px_OI5y_g2.png.crypted", lpFilePart=0x0) returned 0x3d [0238.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0238.967] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\px_OI5y_g2.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\px_oi5y_g2.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0238.968] GetFileType (hFile=0x394) returned 0x1 [0238.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0238.968] GetFileType (hFile=0x394) returned 0x1 [0240.559] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\px_OI5y_g2.png", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\px_OI5y_g2.png", lpFilePart=0x0) returned 0x35 [0240.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0240.559] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\px_OI5y_g2.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\px_oi5y_g2.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0240.561] GetFileType (hFile=0x358) returned 0x1 [0240.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0240.561] GetFileType (hFile=0x358) returned 0x1 [0240.566] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef74*=0x11315, lpOverlapped=0x0) returned 1 [0240.586] WriteFile (in: hFile=0x394, lpBuffer=0x245e920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x245e920*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0240.761] WriteFile (in: hFile=0x394, lpBuffer=0x2460e68*, nNumberOfBytesToWrite=0x10330, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x2460e68*, lpNumberOfBytesWritten=0x19ef4c*=0x10330, lpOverlapped=0x0) returned 1 [0240.763] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0240.764] CloseHandle (hObject=0x358) returned 1 [0240.764] WriteFile (in: hFile=0x394, lpBuffer=0x245e920*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x245e920*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0240.764] CloseHandle (hObject=0x394) returned 1 [0240.768] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\px_OI5y_g2.png", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\px_OI5y_g2.png", lpFilePart=0x0) returned 0x35 [0240.768] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\px_OI5y_g2.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\px_oi5y_g2.png")) returned 1 [0240.789] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\r4-BrEBkg1m4C8DiC.bmp.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\r4-BrEBkg1m4C8DiC.bmp.crypted", lpFilePart=0x0) returned 0x44 [0240.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0240.789] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\r4-BrEBkg1m4C8DiC.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\r4-brebkg1m4c8dic.bmp.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0240.790] GetFileType (hFile=0x394) returned 0x1 [0240.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0240.790] GetFileType (hFile=0x394) returned 0x1 [0241.951] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\r4-BrEBkg1m4C8DiC.bmp", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\r4-BrEBkg1m4C8DiC.bmp", lpFilePart=0x0) returned 0x3c [0241.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0241.951] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\r4-BrEBkg1m4C8DiC.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\r4-brebkg1m4c8dic.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0241.952] GetFileType (hFile=0x358) returned 0x1 [0241.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0241.952] GetFileType (hFile=0x358) returned 0x1 [0241.954] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef74*=0x16154, lpOverlapped=0x0) returned 1 [0241.973] WriteFile (in: hFile=0x394, lpBuffer=0x2353504*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x2353504*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0241.975] WriteFile (in: hFile=0x394, lpBuffer=0x3611568*, nNumberOfBytesToWrite=0x15170, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x3611568*, lpNumberOfBytesWritten=0x19ef4c*=0x15170, lpOverlapped=0x0) returned 1 [0241.977] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0241.977] CloseHandle (hObject=0x358) returned 1 [0241.978] WriteFile (in: hFile=0x394, lpBuffer=0x2353504*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x2353504*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0241.978] CloseHandle (hObject=0x394) returned 1 [0241.984] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\r4-BrEBkg1m4C8DiC.bmp", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\r4-BrEBkg1m4C8DiC.bmp", lpFilePart=0x0) returned 0x3c [0241.984] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\r4-BrEBkg1m4C8DiC.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\r4-brebkg1m4c8dic.bmp")) returned 1 [0241.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0241.987] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2", lpFilePart=0x0) returned 0x26 [0241.987] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\", lpFilePart=0x0) returned 0x27 [0241.988] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6de148f0, ftCreationTime.dwHighDateTime=0x1d70783, ftLastAccessTime.dwLowDateTime=0x741b08c0, ftLastAccessTime.dwHighDateTime=0x1d707db, ftLastWriteTime.dwLowDateTime=0xb704b1db, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a72f0 [0241.988] FindNextFileW (in: hFindFile=0x8a72f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6de148f0, ftCreationTime.dwHighDateTime=0x1d70783, ftLastAccessTime.dwLowDateTime=0x741b08c0, ftLastAccessTime.dwHighDateTime=0x1d707db, ftLastWriteTime.dwLowDateTime=0xb704b1db, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0241.989] FindNextFileW (in: hFindFile=0x8a72f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa89eaf60, ftCreationTime.dwHighDateTime=0x1d705cf, ftLastAccessTime.dwLowDateTime=0x8efdbf00, ftLastAccessTime.dwHighDateTime=0x1d707dd, ftLastWriteTime.dwLowDateTime=0x8efdbf00, ftLastWriteTime.dwHighDateTime=0x1d707dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="7f8H_D0pzn", cAlternateFileName="7F8H_D~1")) returned 1 [0241.989] FindNextFileW (in: hFindFile=0x8a72f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4123594, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb4123594, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb536f3c4, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xd00, dwReserved0=0x0, dwReserved1=0x0, cFileName="e0M5eKRs.bmp.crypted", cAlternateFileName="E0M5EK~1.CRY")) returned 1 [0241.989] FindNextFileW (in: hFindFile=0x8a72f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb538247b, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb538247b, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb64adce7, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x11340, dwReserved0=0x0, dwReserved1=0x0, cFileName="px_OI5y_g2.png.crypted", cAlternateFileName="PX_OI5~1.CRY")) returned 1 [0241.989] FindNextFileW (in: hFindFile=0x8a72f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb64e2a3d, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb64e2a3d, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb70463d5, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x16180, dwReserved0=0x0, dwReserved1=0x0, cFileName="r4-BrEBkg1m4C8DiC.bmp.crypted", cAlternateFileName="R4-BRE~1.CRY")) returned 1 [0241.990] FindNextFileW (in: hFindFile=0x8a72f0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb64e2a3d, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb64e2a3d, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb70463d5, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x16180, dwReserved0=0x0, dwReserved1=0x0, cFileName="r4-BrEBkg1m4C8DiC.bmp.crypted", cAlternateFileName="R4-BRE~1.CRY")) returned 0 [0241.990] FindClose (in: hFindFile=0x8a72f0 | out: hFindFile=0x8a72f0) returned 1 [0241.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0241.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0241.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef88) returned 1 [0241.990] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn", nBufferLength=0x105, lpBuffer=0x19ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn", lpFilePart=0x0) returned 0x31 [0241.990] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\", nBufferLength=0x105, lpBuffer=0x19ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\", lpFilePart=0x0) returned 0x32 [0241.990] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\*", lpFindFileData=0x19ecb0 | out: lpFindFileData=0x19ecb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa89eaf60, ftCreationTime.dwHighDateTime=0x1d705cf, ftLastAccessTime.dwLowDateTime=0x8efdbf00, ftLastAccessTime.dwHighDateTime=0x1d707dd, ftLastWriteTime.dwLowDateTime=0x8efdbf00, ftLastWriteTime.dwHighDateTime=0x1d707dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a73f0 [0241.991] FindNextFileW (in: hFindFile=0x8a73f0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa89eaf60, ftCreationTime.dwHighDateTime=0x1d705cf, ftLastAccessTime.dwLowDateTime=0x8efdbf00, ftLastAccessTime.dwHighDateTime=0x1d707dd, ftLastWriteTime.dwLowDateTime=0x8efdbf00, ftLastWriteTime.dwHighDateTime=0x1d707dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0241.991] FindNextFileW (in: hFindFile=0x8a73f0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39d09520, ftCreationTime.dwHighDateTime=0x1d7072e, ftLastAccessTime.dwLowDateTime=0xb18f78f0, ftLastAccessTime.dwHighDateTime=0x1d707d4, ftLastWriteTime.dwLowDateTime=0xb18f78f0, ftLastWriteTime.dwHighDateTime=0x1d707d4, nFileSizeHigh=0x0, nFileSizeLow=0x16bc1, dwReserved0=0x0, dwReserved1=0x0, cFileName="2zACndvEh_8MXEx.jpg", cAlternateFileName="2ZACND~1.JPG")) returned 1 [0241.991] FindNextFileW (in: hFindFile=0x8a73f0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eccd700, ftCreationTime.dwHighDateTime=0x1d707a8, ftLastAccessTime.dwLowDateTime=0xfc07180, ftLastAccessTime.dwHighDateTime=0x1d709c0, ftLastWriteTime.dwLowDateTime=0xfc07180, ftLastWriteTime.dwHighDateTime=0x1d709c0, nFileSizeHigh=0x0, nFileSizeLow=0x118a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="3oj9wPcrY6MdQ7q3Fh.jpg", cAlternateFileName="3OJ9WP~1.JPG")) returned 1 [0241.992] FindNextFileW (in: hFindFile=0x8a73f0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x449ef680, ftCreationTime.dwHighDateTime=0x1d7048c, ftLastAccessTime.dwLowDateTime=0xa8d55400, ftLastAccessTime.dwHighDateTime=0x1d709e6, ftLastWriteTime.dwLowDateTime=0xa8d55400, ftLastWriteTime.dwHighDateTime=0x1d709e6, nFileSizeHigh=0x0, nFileSizeLow=0xe036, dwReserved0=0x0, dwReserved1=0x0, cFileName="HWxI5_2sA0.png", cAlternateFileName="HWXI5_~1.PNG")) returned 1 [0241.992] FindNextFileW (in: hFindFile=0x8a73f0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17a712e0, ftCreationTime.dwHighDateTime=0x1d6fb02, ftLastAccessTime.dwLowDateTime=0x4a14ec0, ftLastAccessTime.dwHighDateTime=0x1d70946, ftLastWriteTime.dwLowDateTime=0x4a14ec0, ftLastWriteTime.dwHighDateTime=0x1d70946, nFileSizeHigh=0x0, nFileSizeLow=0xfe1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="NJ5yLkiN9E2qioGH9nJs.bmp", cAlternateFileName="NJ5YLK~1.BMP")) returned 1 [0241.992] FindNextFileW (in: hFindFile=0x8a73f0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2955530, ftCreationTime.dwHighDateTime=0x1d6fe4e, ftLastAccessTime.dwLowDateTime=0x7c746480, ftLastAccessTime.dwHighDateTime=0x1d700f1, ftLastWriteTime.dwLowDateTime=0x7c746480, ftLastWriteTime.dwHighDateTime=0x1d700f1, nFileSizeHigh=0x0, nFileSizeLow=0x343e, dwReserved0=0x0, dwReserved1=0x0, cFileName="oA9pUEJthu- SjY71.gif", cAlternateFileName="OA9PUE~1.GIF")) returned 1 [0241.992] FindNextFileW (in: hFindFile=0x8a73f0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0241.993] FindClose (in: hFindFile=0x8a73f0 | out: hFindFile=0x8a73f0) returned 1 [0241.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef48) returned 1 [0241.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef54) returned 1 [0241.994] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\2zACndvEh_8MXEx.jpg.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\2zACndvEh_8MXEx.jpg.crypted", lpFilePart=0x0) returned 0x4d [0241.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0241.994] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\2zACndvEh_8MXEx.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\2zacndveh_8mxex.jpg.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0241.995] GetFileType (hFile=0x394) returned 0x1 [0241.995] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0241.995] GetFileType (hFile=0x394) returned 0x1 [0243.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\2zACndvEh_8MXEx.jpg", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\2zACndvEh_8MXEx.jpg", lpFilePart=0x0) returned 0x45 [0243.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0243.453] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\2zACndvEh_8MXEx.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\2zacndveh_8mxex.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0243.453] GetFileType (hFile=0x358) returned 0x1 [0243.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0243.453] GetFileType (hFile=0x358) returned 0x1 [0243.456] ReadFile (in: hFile=0x358, lpBuffer=0x36266f8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x36266f8*, lpNumberOfBytesRead=0x19ef40*=0x16bc1, lpOverlapped=0x0) returned 1 [0243.516] WriteFile (in: hFile=0x394, lpBuffer=0x2439108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x2439108*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0243.517] WriteFile (in: hFile=0x394, lpBuffer=0x3411528*, nNumberOfBytesToWrite=0x15be0, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x3411528*, lpNumberOfBytesWritten=0x19ef18*=0x15be0, lpOverlapped=0x0) returned 1 [0243.519] ReadFile (in: hFile=0x358, lpBuffer=0x36266f8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x36266f8*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0243.523] CloseHandle (hObject=0x358) returned 1 [0243.523] WriteFile (in: hFile=0x394, lpBuffer=0x2439108*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x2439108*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0243.524] CloseHandle (hObject=0x394) returned 1 [0243.529] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\2zACndvEh_8MXEx.jpg", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\2zACndvEh_8MXEx.jpg", lpFilePart=0x0) returned 0x45 [0243.529] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\2zACndvEh_8MXEx.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\2zacndveh_8mxex.jpg")) returned 1 [0243.536] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\3oj9wPcrY6MdQ7q3Fh.jpg.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\3oj9wPcrY6MdQ7q3Fh.jpg.crypted", lpFilePart=0x0) returned 0x50 [0243.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0243.536] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\3oj9wPcrY6MdQ7q3Fh.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\3oj9wpcry6mdq7q3fh.jpg.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0243.537] GetFileType (hFile=0x394) returned 0x1 [0243.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0243.537] GetFileType (hFile=0x394) returned 0x1 [0244.775] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\3oj9wPcrY6MdQ7q3Fh.jpg", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\3oj9wPcrY6MdQ7q3Fh.jpg", lpFilePart=0x0) returned 0x48 [0244.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0244.776] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\3oj9wPcrY6MdQ7q3Fh.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\3oj9wpcry6mdq7q3fh.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0244.776] GetFileType (hFile=0x358) returned 0x1 [0244.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0244.776] GetFileType (hFile=0x358) returned 0x1 [0244.784] ReadFile (in: hFile=0x358, lpBuffer=0x3427128, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3427128*, lpNumberOfBytesRead=0x19ef40*=0x118a4, lpOverlapped=0x0) returned 1 [0244.789] WriteFile (in: hFile=0x394, lpBuffer=0x231defc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x231defc*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0244.790] WriteFile (in: hFile=0x394, lpBuffer=0x232047c*, nNumberOfBytesToWrite=0x108c0, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x232047c*, lpNumberOfBytesWritten=0x19ef18*=0x108c0, lpOverlapped=0x0) returned 1 [0244.792] ReadFile (in: hFile=0x358, lpBuffer=0x3427128, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3427128*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0244.792] CloseHandle (hObject=0x358) returned 1 [0244.792] WriteFile (in: hFile=0x394, lpBuffer=0x231defc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x231defc*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0244.793] CloseHandle (hObject=0x394) returned 1 [0244.800] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\3oj9wPcrY6MdQ7q3Fh.jpg", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\3oj9wPcrY6MdQ7q3Fh.jpg", lpFilePart=0x0) returned 0x48 [0244.800] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\3oj9wPcrY6MdQ7q3Fh.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\3oj9wpcry6mdq7q3fh.jpg")) returned 1 [0244.816] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\HWxI5_2sA0.png.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\HWxI5_2sA0.png.crypted", lpFilePart=0x0) returned 0x48 [0244.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0244.817] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\HWxI5_2sA0.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\hwxi5_2sa0.png.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0244.817] GetFileType (hFile=0x394) returned 0x1 [0244.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0244.817] GetFileType (hFile=0x394) returned 0x1 [0246.682] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\HWxI5_2sA0.png", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\HWxI5_2sA0.png", lpFilePart=0x0) returned 0x40 [0246.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0246.683] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\HWxI5_2sA0.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\hwxi5_2sa0.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0246.683] GetFileType (hFile=0x358) returned 0x1 [0246.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0246.683] GetFileType (hFile=0x358) returned 0x1 [0246.687] ReadFile (in: hFile=0x358, lpBuffer=0x3726718, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3726718*, lpNumberOfBytesRead=0x19ef40*=0xe036, lpOverlapped=0x0) returned 1 [0246.706] WriteFile (in: hFile=0x394, lpBuffer=0x2413250*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x2413250*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0246.707] WriteFile (in: hFile=0x394, lpBuffer=0x24157b0*, nNumberOfBytesToWrite=0xd050, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x24157b0*, lpNumberOfBytesWritten=0x19ef18*=0xd050, lpOverlapped=0x0) returned 1 [0246.709] ReadFile (in: hFile=0x358, lpBuffer=0x3726718, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3726718*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0246.709] CloseHandle (hObject=0x358) returned 1 [0246.710] WriteFile (in: hFile=0x394, lpBuffer=0x2413250*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x2413250*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0246.710] CloseHandle (hObject=0x394) returned 1 [0246.713] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\HWxI5_2sA0.png", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\HWxI5_2sA0.png", lpFilePart=0x0) returned 0x40 [0246.713] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\HWxI5_2sA0.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\hwxi5_2sa0.png")) returned 1 [0246.718] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\NJ5yLkiN9E2qioGH9nJs.bmp.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\NJ5yLkiN9E2qioGH9nJs.bmp.crypted", lpFilePart=0x0) returned 0x52 [0246.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0246.719] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\NJ5yLkiN9E2qioGH9nJs.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\nj5ylkin9e2qiogh9njs.bmp.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0246.719] GetFileType (hFile=0x394) returned 0x1 [0246.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0246.719] GetFileType (hFile=0x394) returned 0x1 [0248.094] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\NJ5yLkiN9E2qioGH9nJs.bmp", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\NJ5yLkiN9E2qioGH9nJs.bmp", lpFilePart=0x0) returned 0x4a [0248.094] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0248.094] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\NJ5yLkiN9E2qioGH9nJs.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\nj5ylkin9e2qiogh9njs.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0248.095] GetFileType (hFile=0x358) returned 0x1 [0248.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0248.095] GetFileType (hFile=0x358) returned 0x1 [0248.098] ReadFile (in: hFile=0x358, lpBuffer=0x3826738, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3826738*, lpNumberOfBytesRead=0x19ef40*=0xfe1a, lpOverlapped=0x0) returned 1 [0248.112] WriteFile (in: hFile=0x394, lpBuffer=0x2304df8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x2304df8*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0248.113] WriteFile (in: hFile=0x394, lpBuffer=0x2307380*, nNumberOfBytesToWrite=0xee30, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x2307380*, lpNumberOfBytesWritten=0x19ef18*=0xee30, lpOverlapped=0x0) returned 1 [0248.115] ReadFile (in: hFile=0x358, lpBuffer=0x3826738, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3826738*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0248.115] CloseHandle (hObject=0x358) returned 1 [0248.116] WriteFile (in: hFile=0x394, lpBuffer=0x2304df8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x2304df8*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0248.116] CloseHandle (hObject=0x394) returned 1 [0248.119] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\NJ5yLkiN9E2qioGH9nJs.bmp", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\NJ5yLkiN9E2qioGH9nJs.bmp", lpFilePart=0x0) returned 0x4a [0248.119] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\NJ5yLkiN9E2qioGH9nJs.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\nj5ylkin9e2qiogh9njs.bmp")) returned 1 [0248.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\oA9pUEJthu- SjY71.gif.crypted", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\oA9pUEJthu- SjY71.gif.crypted", lpFilePart=0x0) returned 0x4f [0248.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0248.125] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\oA9pUEJthu- SjY71.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\oa9puejthu- sjy71.gif.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0248.126] GetFileType (hFile=0x394) returned 0x1 [0248.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0248.126] GetFileType (hFile=0x394) returned 0x1 [0249.457] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\oA9pUEJthu- SjY71.gif", nBufferLength=0x105, lpBuffer=0x19e98c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\oA9pUEJthu- SjY71.gif", lpFilePart=0x0) returned 0x47 [0249.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ee80) returned 1 [0249.458] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\oA9pUEJthu- SjY71.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\oa9puejthu- sjy71.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0249.458] GetFileType (hFile=0x358) returned 0x1 [0249.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ee7c) returned 1 [0249.458] GetFileType (hFile=0x358) returned 0x1 [0249.462] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef40*=0x343e, lpOverlapped=0x0) returned 1 [0249.475] WriteFile (in: hFile=0x394, lpBuffer=0x23f8e94*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x23f8e94*, lpNumberOfBytesWritten=0x19ef18*=0x1000, lpOverlapped=0x0) returned 1 [0249.477] WriteFile (in: hFile=0x394, lpBuffer=0x23fb40c*, nNumberOfBytesToWrite=0x2450, lpNumberOfBytesWritten=0x19ef18, lpOverlapped=0x0 | out: lpBuffer=0x23fb40c*, lpNumberOfBytesWritten=0x19ef18*=0x2450, lpOverlapped=0x0) returned 1 [0249.477] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef40, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef40*=0x0, lpOverlapped=0x0) returned 1 [0249.478] CloseHandle (hObject=0x358) returned 1 [0249.478] WriteFile (in: hFile=0x394, lpBuffer=0x23f8e94*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19eef0, lpOverlapped=0x0 | out: lpBuffer=0x23f8e94*, lpNumberOfBytesWritten=0x19eef0*=0x10, lpOverlapped=0x0) returned 1 [0249.478] CloseHandle (hObject=0x394) returned 1 [0249.484] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\oA9pUEJthu- SjY71.gif", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\oA9pUEJthu- SjY71.gif", lpFilePart=0x0) returned 0x47 [0249.484] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\oA9pUEJthu- SjY71.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\m7eajc2\\7f8h_d0pzn\\oa9puejthu- sjy71.gif")) returned 1 [0249.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef88) returned 1 [0249.488] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn", nBufferLength=0x105, lpBuffer=0x19ea90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn", lpFilePart=0x0) returned 0x31 [0249.489] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\", nBufferLength=0x105, lpBuffer=0x19ea64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\", lpFilePart=0x0) returned 0x32 [0249.489] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\m7eajC2\\7f8H_D0pzn\\*", lpFindFileData=0x19ecb0 | out: lpFindFileData=0x19ecb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa89eaf60, ftCreationTime.dwHighDateTime=0x1d705cf, ftLastAccessTime.dwLowDateTime=0x8efdbf00, ftLastAccessTime.dwHighDateTime=0x1d707dd, ftLastWriteTime.dwLowDateTime=0xbb7d4201, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a78b0 [0249.490] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa89eaf60, ftCreationTime.dwHighDateTime=0x1d705cf, ftLastAccessTime.dwLowDateTime=0x8efdbf00, ftLastAccessTime.dwHighDateTime=0x1d707dd, ftLastWriteTime.dwLowDateTime=0xbb7d4201, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0249.491] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb705ffd1, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb705ffd1, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb7f03b34, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x16bf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2zACndvEh_8MXEx.jpg.crypted", cAlternateFileName="2ZACND~1.CRY")) returned 1 [0249.492] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7f14fdb, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb7f14fdb, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb8b211d8, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x118d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3oj9wPcrY6MdQ7q3Fh.jpg.crypted", cAlternateFileName="3OJ9WP~1.CRY")) returned 1 [0249.492] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8b4b516, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb8b4b516, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xb9d61730, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xe060, dwReserved0=0x0, dwReserved1=0x0, cFileName="HWxI5_2sA0.png.crypted", cAlternateFileName="HWXI5_~1.CRY")) returned 1 [0249.493] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9d6e9ec, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xb9d6e9ec, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xbaac83ae, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xfe40, dwReserved0=0x0, dwReserved1=0x0, cFileName="NJ5yLkiN9E2qioGH9nJs.bmp.crypted", cAlternateFileName="NJ5YLK~1.CRY")) returned 1 [0249.493] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbaad94b1, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xbaad94b1, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xbb7cccb6, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x3460, dwReserved0=0x0, dwReserved1=0x0, cFileName="oA9pUEJthu- SjY71.gif.crypted", cAlternateFileName="OA9PUE~1.CRY")) returned 1 [0249.494] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecc0 | out: lpFindFileData=0x19ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbaad94b1, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xbaad94b1, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xbb7cccb6, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x3460, dwReserved0=0x0, dwReserved1=0x0, cFileName="oA9pUEJthu- SjY71.gif.crypted", cAlternateFileName="OA9PUE~1.CRY")) returned 0 [0249.494] FindClose (in: hFindFile=0x8a78b0 | out: hFindFile=0x8a78b0) returned 1 [0249.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef48) returned 1 [0249.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef54) returned 1 [0249.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0249.495] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures", lpFilePart=0x0) returned 0x2d [0249.495] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\", lpFilePart=0x0) returned 0x2e [0249.495] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a78b0 [0249.498] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0249.499] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0249.499] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0249.499] FindClose (in: hFindFile=0x8a78b0 | out: hFindFile=0x8a78b0) returned 1 [0249.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0249.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0249.501] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini.crypted", lpFilePart=0x0) returned 0x41 [0249.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0249.501] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\desktop.ini.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0249.502] GetFileType (hFile=0x394) returned 0x1 [0249.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0249.503] GetFileType (hFile=0x394) returned 0x1 [0250.963] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", lpFilePart=0x0) returned 0x39 [0250.963] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0250.963] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0250.964] GetFileType (hFile=0x358) returned 0x1 [0250.964] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0250.964] GetFileType (hFile=0x358) returned 0x1 [0250.967] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef74*=0xbe, lpOverlapped=0x0) returned 1 [0250.977] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0250.977] CloseHandle (hObject=0x358) returned 1 [0250.977] WriteFile (in: hFile=0x394, lpBuffer=0x24e1744*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x24e1744*, lpNumberOfBytesWritten=0x19ef24*=0xe0, lpOverlapped=0x0) returned 1 [0250.978] CloseHandle (hObject=0x394) returned 1 [0250.983] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", lpFilePart=0x0) returned 0x39 [0250.983] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\desktop.ini")) returned 1 [0250.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0250.985] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures", lpFilePart=0x0) returned 0x2d [0250.985] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\", lpFilePart=0x0) returned 0x2e [0250.985] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0xbc61ad2b, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a78b0 [0250.986] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0xbc61ad2b, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.987] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb7f8ca5, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xbb7f8ca5, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xbc619a15, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.crypted", cAlternateFileName="DESKTO~1.CRY")) returned 1 [0250.987] FindNextFileW (in: hFindFile=0x8a78b0, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb7f8ca5, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xbb7f8ca5, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xbc619a15, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.crypted", cAlternateFileName="DESKTO~1.CRY")) returned 0 [0250.987] FindClose (in: hFindFile=0x8a78b0 | out: hFindFile=0x8a78b0) returned 1 [0250.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0250.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0250.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eff0) returned 1 [0250.988] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0250.992] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\", nBufferLength=0x105, lpBuffer=0x19eacc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\", lpFilePart=0x0) returned 0x20 [0250.992] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*", lpFindFileData=0x19ed18 | out: lpFindFileData=0x19ed18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58809748, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x58809748, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a7930 [0250.993] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58809748, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x58809748, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.994] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41897050, ftCreationTime.dwHighDateTime=0x1d6fdc1, ftLastAccessTime.dwLowDateTime=0x3a1a64f0, ftLastAccessTime.dwHighDateTime=0x1d700c3, ftLastWriteTime.dwLowDateTime=0x3a1a64f0, ftLastWriteTime.dwHighDateTime=0x1d700c3, nFileSizeHigh=0x0, nFileSizeLow=0xcac7, dwReserved0=0x0, dwReserved1=0x0, cFileName="-dKCymjM6t.xls", cAlternateFileName="-DKCYM~1.XLS")) returned 1 [0250.994] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14546010, ftCreationTime.dwHighDateTime=0x1d6ffd1, ftLastAccessTime.dwLowDateTime=0x41836690, ftLastAccessTime.dwHighDateTime=0x1d70016, ftLastWriteTime.dwLowDateTime=0x41836690, ftLastWriteTime.dwHighDateTime=0x1d70016, nFileSizeHigh=0x0, nFileSizeLow=0x12db1, dwReserved0=0x0, dwReserved1=0x0, cFileName="0i4blKWnXDBzRDzcOs.pps", cAlternateFileName="0I4BLK~1.PPS")) returned 1 [0250.994] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x377c04f0, ftCreationTime.dwHighDateTime=0x1d706b9, ftLastAccessTime.dwLowDateTime=0x1ee8b650, ftLastAccessTime.dwHighDateTime=0x1d7074e, ftLastWriteTime.dwLowDateTime=0x1ee8b650, ftLastWriteTime.dwHighDateTime=0x1d7074e, nFileSizeHigh=0x0, nFileSizeLow=0x186aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="4AvDU315bNLSZ.docx", cAlternateFileName="4AVDU3~1.DOC")) returned 1 [0250.995] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89f40970, ftCreationTime.dwHighDateTime=0x1d6fafd, ftLastAccessTime.dwLowDateTime=0xc221fb70, ftLastAccessTime.dwHighDateTime=0x1d6ff28, ftLastWriteTime.dwLowDateTime=0xc221fb70, ftLastWriteTime.dwHighDateTime=0x1d6ff28, nFileSizeHigh=0x0, nFileSizeLow=0x1d72, dwReserved0=0x0, dwReserved1=0x0, cFileName="4oHiOkMBXj9.doc", cAlternateFileName="4OHIOK~1.DOC")) returned 1 [0251.017] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0166dc0, ftCreationTime.dwHighDateTime=0x1d68f6d, ftLastAccessTime.dwLowDateTime=0x1920a3a0, ftLastAccessTime.dwHighDateTime=0x1d6d1ba, ftLastWriteTime.dwLowDateTime=0x1920a3a0, ftLastWriteTime.dwHighDateTime=0x1d6d1ba, nFileSizeHigh=0x0, nFileSizeLow=0x16e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="4txGY.xlsx", cAlternateFileName="4TXGY~1.XLS")) returned 1 [0251.018] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2299090, ftCreationTime.dwHighDateTime=0x1d6fced, ftLastAccessTime.dwLowDateTime=0xfa87580, ftLastAccessTime.dwHighDateTime=0x1d6fdb3, ftLastWriteTime.dwLowDateTime=0xfa87580, ftLastWriteTime.dwHighDateTime=0x1d6fdb3, nFileSizeHigh=0x0, nFileSizeLow=0x184d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="6hN4c63 FU4H.odp", cAlternateFileName="6HN4C6~1.ODP")) returned 1 [0251.018] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x761dd070, ftCreationTime.dwHighDateTime=0x1d6d500, ftLastAccessTime.dwLowDateTime=0x51c9db50, ftLastAccessTime.dwHighDateTime=0x1d6f5fe, ftLastWriteTime.dwLowDateTime=0x51c9db50, ftLastWriteTime.dwHighDateTime=0x1d6f5fe, nFileSizeHigh=0x0, nFileSizeLow=0xf973, dwReserved0=0x0, dwReserved1=0x0, cFileName="6u7pw7FlU48.pptx", cAlternateFileName="6U7PW7~1.PPT")) returned 1 [0251.019] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91f934e0, ftCreationTime.dwHighDateTime=0x1d6f8ac, ftLastAccessTime.dwLowDateTime=0xfcd6f650, ftLastAccessTime.dwHighDateTime=0x1d6ff49, ftLastWriteTime.dwLowDateTime=0xfcd6f650, ftLastWriteTime.dwHighDateTime=0x1d6ff49, nFileSizeHigh=0x0, nFileSizeLow=0xc4af, dwReserved0=0x0, dwReserved1=0x0, cFileName="9owOKQ0XPX.docx", cAlternateFileName="9OWOKQ~1.DOC")) returned 1 [0251.019] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdef83b0, ftCreationTime.dwHighDateTime=0x1d7047e, ftLastAccessTime.dwLowDateTime=0x1c7ba390, ftLastAccessTime.dwHighDateTime=0x1d709e3, ftLastWriteTime.dwLowDateTime=0x1c7ba390, ftLastWriteTime.dwHighDateTime=0x1d709e3, nFileSizeHigh=0x0, nFileSizeLow=0x4cbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="9wXmWGHa4ITFRR.ppt", cAlternateFileName="9WXMWG~1.PPT")) returned 1 [0251.019] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfedbea90, ftCreationTime.dwHighDateTime=0x1d6d4b6, ftLastAccessTime.dwLowDateTime=0x9ad291f0, ftLastAccessTime.dwHighDateTime=0x1d6e25f, ftLastWriteTime.dwLowDateTime=0x9ad291f0, ftLastWriteTime.dwHighDateTime=0x1d6e25f, nFileSizeHigh=0x0, nFileSizeLow=0x18e42, dwReserved0=0x0, dwReserved1=0x0, cFileName="cfxIXSMlKxJA32om.pptx", cAlternateFileName="CFXIXS~1.PPT")) returned 1 [0251.020] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xddb6fdb0, ftCreationTime.dwHighDateTime=0x1d6bc6e, ftLastAccessTime.dwLowDateTime=0x2c2cc0d0, ftLastAccessTime.dwHighDateTime=0x1d6f962, ftLastWriteTime.dwLowDateTime=0x2c2cc0d0, ftLastWriteTime.dwHighDateTime=0x1d6f962, nFileSizeHigh=0x0, nFileSizeLow=0x15235, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTq2.pptx", cAlternateFileName="CTQ2~1.PPT")) returned 1 [0251.020] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcef97b00, ftCreationTime.dwHighDateTime=0x1d70902, ftLastAccessTime.dwLowDateTime=0x8b951700, ftLastAccessTime.dwHighDateTime=0x1d709ea, ftLastWriteTime.dwLowDateTime=0x8b951700, ftLastWriteTime.dwHighDateTime=0x1d709ea, nFileSizeHigh=0x0, nFileSizeLow=0x17503, dwReserved0=0x0, dwReserved1=0x0, cFileName="d9S_PU2YkSXvYiTdOmKi.pdf", cAlternateFileName="D9S_PU~1.PDF")) returned 1 [0251.020] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4372e947, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0251.021] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9514eb30, ftCreationTime.dwHighDateTime=0x1d707ff, ftLastAccessTime.dwLowDateTime=0xde3c7710, ftLastAccessTime.dwHighDateTime=0x1d709ee, ftLastWriteTime.dwLowDateTime=0xde3c7710, ftLastWriteTime.dwHighDateTime=0x1d709ee, nFileSizeHigh=0x0, nFileSizeLow=0x437a, dwReserved0=0x0, dwReserved1=0x0, cFileName="dlKPNzm.xls", cAlternateFileName="")) returned 1 [0251.021] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4aa3e2d0, ftCreationTime.dwHighDateTime=0x1d6f29d, ftLastAccessTime.dwLowDateTime=0xfb0f8230, ftLastAccessTime.dwHighDateTime=0x1d6f4d4, ftLastWriteTime.dwLowDateTime=0xfb0f8230, ftLastWriteTime.dwHighDateTime=0x1d6f4d4, nFileSizeHigh=0x0, nFileSizeLow=0x179ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="e3rx.docx", cAlternateFileName="E3RX~1.DOC")) returned 1 [0251.021] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5865ac30, ftCreationTime.dwHighDateTime=0x1d6ffb5, ftLastAccessTime.dwLowDateTime=0x26238ec0, ftLastAccessTime.dwHighDateTime=0x1d7066f, ftLastWriteTime.dwLowDateTime=0x26238ec0, ftLastWriteTime.dwHighDateTime=0x1d7066f, nFileSizeHigh=0x0, nFileSizeLow=0x170ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="elaXp_yU-M7.xls", cAlternateFileName="ELAXP_~1.XLS")) returned 1 [0251.021] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5bc22c10, ftCreationTime.dwHighDateTime=0x1d6effb, ftLastAccessTime.dwLowDateTime=0x2d7352b0, ftLastAccessTime.dwHighDateTime=0x1d6f2a0, ftLastWriteTime.dwLowDateTime=0x2d7352b0, ftLastWriteTime.dwHighDateTime=0x1d6f2a0, nFileSizeHigh=0x0, nFileSizeLow=0xcecb, dwReserved0=0x0, dwReserved1=0x0, cFileName="F-mhE.xlsx", cAlternateFileName="F-MHE~1.XLS")) returned 1 [0251.021] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce953390, ftCreationTime.dwHighDateTime=0x1d6ce6d, ftLastAccessTime.dwLowDateTime=0x728d5650, ftLastAccessTime.dwHighDateTime=0x1d70319, ftLastWriteTime.dwLowDateTime=0x728d5650, ftLastWriteTime.dwHighDateTime=0x1d70319, nFileSizeHigh=0x0, nFileSizeLow=0x7517, dwReserved0=0x0, dwReserved1=0x0, cFileName="FEBjEB3GAc8uG9QoiVe.docx", cAlternateFileName="FEBJEB~1.DOC")) returned 1 [0251.022] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2257ba0, ftCreationTime.dwHighDateTime=0x1d696bb, ftLastAccessTime.dwLowDateTime=0x44ac4790, ftLastAccessTime.dwHighDateTime=0x1d6b338, ftLastWriteTime.dwLowDateTime=0x44ac4790, ftLastWriteTime.dwHighDateTime=0x1d6b338, nFileSizeHigh=0x0, nFileSizeLow=0x5925, dwReserved0=0x0, dwReserved1=0x0, cFileName="fRqC9SKMJhEVA.xlsx", cAlternateFileName="FRQC9S~1.XLS")) returned 1 [0251.022] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f20f260, ftCreationTime.dwHighDateTime=0x1d6fe77, ftLastAccessTime.dwLowDateTime=0x5ff990b0, ftLastAccessTime.dwHighDateTime=0x1d70000, ftLastWriteTime.dwLowDateTime=0x5ff990b0, ftLastWriteTime.dwHighDateTime=0x1d70000, nFileSizeHigh=0x0, nFileSizeLow=0x258b, dwReserved0=0x0, dwReserved1=0x0, cFileName="gS1iFOFgOpmDYFaP2.csv", cAlternateFileName="GS1IFO~1.CSV")) returned 1 [0251.022] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb4ebeb50, ftCreationTime.dwHighDateTime=0x1d6fec9, ftLastAccessTime.dwLowDateTime=0x1d03fb0, ftLastAccessTime.dwHighDateTime=0x1d7023b, ftLastWriteTime.dwLowDateTime=0x1d03fb0, ftLastWriteTime.dwHighDateTime=0x1d7023b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IDhWz54EjpbS8oH", cAlternateFileName="IDHWZ5~1")) returned 1 [0251.023] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5825eb0, ftCreationTime.dwHighDateTime=0x1d6fad4, ftLastAccessTime.dwLowDateTime=0x53196270, ftLastAccessTime.dwHighDateTime=0x1d70146, ftLastWriteTime.dwLowDateTime=0x53196270, ftLastWriteTime.dwHighDateTime=0x1d70146, nFileSizeHigh=0x0, nFileSizeLow=0xc599, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jyexb.pptx", cAlternateFileName="JYEXB~1.PPT")) returned 1 [0251.023] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa10afd50, ftCreationTime.dwHighDateTime=0x1d6fb91, ftLastAccessTime.dwLowDateTime=0x5e16d780, ftLastAccessTime.dwHighDateTime=0x1d704a1, ftLastWriteTime.dwLowDateTime=0x5e16d780, ftLastWriteTime.dwHighDateTime=0x1d704a1, nFileSizeHigh=0x0, nFileSizeLow=0x15648, dwReserved0=0x0, dwReserved1=0x0, cFileName="mu_vUwdrfz9nK.pdf", cAlternateFileName="MU_VUW~1.PDF")) returned 1 [0251.024] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0251.024] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0251.024] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0251.025] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99c32940, ftCreationTime.dwHighDateTime=0x1d70a29, ftLastAccessTime.dwLowDateTime=0x63918970, ftLastAccessTime.dwHighDateTime=0x1d70a51, ftLastWriteTime.dwLowDateTime=0x63918970, ftLastWriteTime.dwHighDateTime=0x1d70a51, nFileSizeHigh=0x0, nFileSizeLow=0x8cde, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nm8X6ZirdLU8kVJc.ots", cAlternateFileName="NM8X6Z~1.OTS")) returned 1 [0251.025] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x65ef9a5c, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x65ef9a5c, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0251.025] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9db1cc0, ftCreationTime.dwHighDateTime=0x1d6a582, ftLastAccessTime.dwLowDateTime=0xd1a8be30, ftLastAccessTime.dwHighDateTime=0x1d6b26b, ftLastWriteTime.dwLowDateTime=0xd1a8be30, ftLastWriteTime.dwHighDateTime=0x1d6b26b, nFileSizeHigh=0x0, nFileSizeLow=0xee8d, dwReserved0=0x0, dwReserved1=0x0, cFileName="RUjn1OdArdO.pptx", cAlternateFileName="RUJN1O~1.PPT")) returned 1 [0251.026] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4b777c0, ftCreationTime.dwHighDateTime=0x1d6fef8, ftLastAccessTime.dwLowDateTime=0xee9c3cf0, ftLastAccessTime.dwHighDateTime=0x1d70307, ftLastWriteTime.dwLowDateTime=0xee9c3cf0, ftLastWriteTime.dwHighDateTime=0x1d70307, nFileSizeHigh=0x0, nFileSizeLow=0x61a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="R_yNy4eoI-Ial9bDJahm.xlsx", cAlternateFileName="R_YNY4~1.XLS")) returned 1 [0251.026] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6e5be0, ftCreationTime.dwHighDateTime=0x1d6f840, ftLastAccessTime.dwLowDateTime=0xd2156fd0, ftLastAccessTime.dwHighDateTime=0x1d6fe74, ftLastWriteTime.dwLowDateTime=0xd2156fd0, ftLastWriteTime.dwHighDateTime=0x1d6fe74, nFileSizeHigh=0x0, nFileSizeLow=0x2c10, dwReserved0=0x0, dwReserved1=0x0, cFileName="sSCtLBz1rRC.docx", cAlternateFileName="SSCTLB~1.DOC")) returned 1 [0251.026] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41b9dd20, ftCreationTime.dwHighDateTime=0x1d70209, ftLastAccessTime.dwLowDateTime=0x1f9889a0, ftLastAccessTime.dwHighDateTime=0x1d70a54, ftLastWriteTime.dwLowDateTime=0x1f9889a0, ftLastWriteTime.dwHighDateTime=0x1d70a54, nFileSizeHigh=0x0, nFileSizeLow=0xfb0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="sS__yUDQ6eVd.xls", cAlternateFileName="SS__YU~1.XLS")) returned 1 [0251.027] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10b67220, ftCreationTime.dwHighDateTime=0x1d6d2c9, ftLastAccessTime.dwLowDateTime=0x4d01fe0, ftLastAccessTime.dwHighDateTime=0x1d6f6cf, ftLastWriteTime.dwLowDateTime=0x4d01fe0, ftLastWriteTime.dwHighDateTime=0x1d6f6cf, nFileSizeHigh=0x0, nFileSizeLow=0x16f49, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tkfw1r1M5TW5.xlsx", cAlternateFileName="TKFW1R~1.XLS")) returned 1 [0251.027] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85ad980, ftCreationTime.dwHighDateTime=0x1d701e1, ftLastAccessTime.dwLowDateTime=0x120251d0, ftLastAccessTime.dwHighDateTime=0x1d70447, ftLastWriteTime.dwLowDateTime=0x120251d0, ftLastWriteTime.dwHighDateTime=0x1d70447, nFileSizeHigh=0x0, nFileSizeLow=0x18d66, dwReserved0=0x0, dwReserved1=0x0, cFileName="UWMAv1LvMInByi.odt", cAlternateFileName="UWMAV1~1.ODT")) returned 1 [0251.029] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6b48a40, ftCreationTime.dwHighDateTime=0x1d70875, ftLastAccessTime.dwLowDateTime=0xae547420, ftLastAccessTime.dwHighDateTime=0x1d70882, ftLastWriteTime.dwLowDateTime=0xae547420, ftLastWriteTime.dwHighDateTime=0x1d70882, nFileSizeHigh=0x0, nFileSizeLow=0x12f9, dwReserved0=0x0, dwReserved1=0x0, cFileName="V4j6Gj72.doc", cAlternateFileName="")) returned 1 [0251.029] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x680ecd0, ftCreationTime.dwHighDateTime=0x1d70899, ftLastAccessTime.dwLowDateTime=0x4e52b330, ftLastAccessTime.dwHighDateTime=0x1d70908, ftLastWriteTime.dwLowDateTime=0x4e52b330, ftLastWriteTime.dwHighDateTime=0x1d70908, nFileSizeHigh=0x0, nFileSizeLow=0x47a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="VVIj_dir5hfjCIYqyEk2.pps", cAlternateFileName="VVIJ_D~1.PPS")) returned 1 [0251.029] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc1aca00, ftCreationTime.dwHighDateTime=0x1d6e27f, ftLastAccessTime.dwLowDateTime=0x656daa0, ftLastAccessTime.dwHighDateTime=0x1d70009, ftLastWriteTime.dwLowDateTime=0x656daa0, ftLastWriteTime.dwHighDateTime=0x1d70009, nFileSizeHigh=0x0, nFileSizeLow=0x1919, dwReserved0=0x0, dwReserved1=0x0, cFileName="zeGkvyC5a.pptx", cAlternateFileName="ZEGKVY~1.PPT")) returned 1 [0251.029] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xced88000, ftCreationTime.dwHighDateTime=0x1d70806, ftLastAccessTime.dwLowDateTime=0x18db95c0, ftLastAccessTime.dwHighDateTime=0x1d708ac, ftLastWriteTime.dwLowDateTime=0x18db95c0, ftLastWriteTime.dwHighDateTime=0x1d708ac, nFileSizeHigh=0x0, nFileSizeLow=0x72d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zR8r9B.docx", cAlternateFileName="ZR8R9B~1.DOC")) returned 1 [0251.030] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7fd5520, ftCreationTime.dwHighDateTime=0x1d7068c, ftLastAccessTime.dwLowDateTime=0xdc3103f0, ftLastAccessTime.dwHighDateTime=0x1d707af, ftLastWriteTime.dwLowDateTime=0xdc3103f0, ftLastWriteTime.dwHighDateTime=0x1d707af, nFileSizeHigh=0x0, nFileSizeLow=0xe565, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZZW2.pptx", cAlternateFileName="ZZW2~1.PPT")) returned 1 [0251.030] FindNextFileW (in: hFindFile=0x8a7930, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0251.030] FindClose (in: hFindFile=0x8a7930 | out: hFindFile=0x8a7930) returned 1 [0251.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efb0) returned 1 [0251.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efbc) returned 1 [0251.037] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\-dKCymjM6t.xls.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\-dKCymjM6t.xls.crypted", lpFilePart=0x0) returned 0x36 [0251.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0251.038] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\-dKCymjM6t.xls.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\-dkcymjm6t.xls.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0251.038] GetFileType (hFile=0x394) returned 0x1 [0251.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0251.039] GetFileType (hFile=0x394) returned 0x1 [0252.543] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\-dKCymjM6t.xls", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\-dKCymjM6t.xls", lpFilePart=0x0) returned 0x2e [0252.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0252.543] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\-dKCymjM6t.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\-dkcymjm6t.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0252.544] GetFileType (hFile=0x358) returned 0x1 [0252.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0252.544] GetFileType (hFile=0x358) returned 0x1 [0252.547] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0xcac7, lpOverlapped=0x0) returned 1 [0252.574] WriteFile (in: hFile=0x394, lpBuffer=0x23c9904*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23c9904*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0252.576] WriteFile (in: hFile=0x394, lpBuffer=0x23cbe40*, nNumberOfBytesToWrite=0xbae0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23cbe40*, lpNumberOfBytesWritten=0x19ef80*=0xbae0, lpOverlapped=0x0) returned 1 [0252.578] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0252.578] CloseHandle (hObject=0x358) returned 1 [0252.578] WriteFile (in: hFile=0x394, lpBuffer=0x23c9904*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23c9904*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0252.578] CloseHandle (hObject=0x394) returned 1 [0252.586] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\-dKCymjM6t.xls", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\-dKCymjM6t.xls", lpFilePart=0x0) returned 0x2e [0252.587] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\-dKCymjM6t.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\-dkcymjm6t.xls")) returned 1 [0252.591] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0i4blKWnXDBzRDzcOs.pps.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\0i4blKWnXDBzRDzcOs.pps.crypted", lpFilePart=0x0) returned 0x3e [0252.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0252.592] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0i4blKWnXDBzRDzcOs.pps.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\0i4blkwnxdbzrdzcos.pps.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0252.592] GetFileType (hFile=0x394) returned 0x1 [0252.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0252.593] GetFileType (hFile=0x394) returned 0x1 [0254.298] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0i4blKWnXDBzRDzcOs.pps", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\0i4blKWnXDBzRDzcOs.pps", lpFilePart=0x0) returned 0x36 [0254.298] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0254.298] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0i4blKWnXDBzRDzcOs.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\0i4blkwnxdbzrdzcos.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0254.300] GetFileType (hFile=0x358) returned 0x1 [0254.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0254.300] GetFileType (hFile=0x358) returned 0x1 [0254.304] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x12db1, lpOverlapped=0x0) returned 1 [0254.322] WriteFile (in: hFile=0x394, lpBuffer=0x24bbc38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24bbc38*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0254.325] WriteFile (in: hFile=0x394, lpBuffer=0x24be194*, nNumberOfBytesToWrite=0x11dd0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24be194*, lpNumberOfBytesWritten=0x19ef80*=0x11dd0, lpOverlapped=0x0) returned 1 [0254.326] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0254.326] CloseHandle (hObject=0x358) returned 1 [0254.327] WriteFile (in: hFile=0x394, lpBuffer=0x24bbc38*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x24bbc38*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0254.327] CloseHandle (hObject=0x394) returned 1 [0254.366] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0i4blKWnXDBzRDzcOs.pps", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\0i4blKWnXDBzRDzcOs.pps", lpFilePart=0x0) returned 0x36 [0254.366] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0i4blKWnXDBzRDzcOs.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\0i4blkwnxdbzrdzcos.pps")) returned 1 [0254.376] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4AvDU315bNLSZ.docx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\4AvDU315bNLSZ.docx.crypted", lpFilePart=0x0) returned 0x3a [0254.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0254.376] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4AvDU315bNLSZ.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4avdu315bnlsz.docx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0254.378] GetFileType (hFile=0x394) returned 0x1 [0254.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0254.378] GetFileType (hFile=0x394) returned 0x1 [0255.728] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4AvDU315bNLSZ.docx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\4AvDU315bNLSZ.docx", lpFilePart=0x0) returned 0x32 [0255.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0255.729] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4AvDU315bNLSZ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4avdu315bnlsz.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0255.729] GetFileType (hFile=0x358) returned 0x1 [0255.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0255.729] GetFileType (hFile=0x358) returned 0x1 [0255.731] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x186aa, lpOverlapped=0x0) returned 1 [0255.745] WriteFile (in: hFile=0x394, lpBuffer=0x23b26e4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23b26e4*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0255.746] WriteFile (in: hFile=0x394, lpBuffer=0x3611568*, nNumberOfBytesToWrite=0x176c0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x3611568*, lpNumberOfBytesWritten=0x19ef80*=0x176c0, lpOverlapped=0x0) returned 1 [0255.747] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0255.748] CloseHandle (hObject=0x358) returned 1 [0255.748] WriteFile (in: hFile=0x394, lpBuffer=0x23b26e4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23b26e4*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0255.748] CloseHandle (hObject=0x394) returned 1 [0256.425] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4AvDU315bNLSZ.docx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\4AvDU315bNLSZ.docx", lpFilePart=0x0) returned 0x32 [0256.425] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4AvDU315bNLSZ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4avdu315bnlsz.docx")) returned 1 [0256.433] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4oHiOkMBXj9.doc.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\4oHiOkMBXj9.doc.crypted", lpFilePart=0x0) returned 0x37 [0256.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0256.433] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4oHiOkMBXj9.doc.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4ohiokmbxj9.doc.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0256.434] GetFileType (hFile=0x394) returned 0x1 [0256.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0256.434] GetFileType (hFile=0x394) returned 0x1 [0258.065] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4oHiOkMBXj9.doc", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\4oHiOkMBXj9.doc", lpFilePart=0x0) returned 0x2f [0258.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0258.065] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4oHiOkMBXj9.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4ohiokmbxj9.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0258.066] GetFileType (hFile=0x358) returned 0x1 [0258.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0258.066] GetFileType (hFile=0x358) returned 0x1 [0258.070] ReadFile (in: hFile=0x358, lpBuffer=0x3628c48, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3628c48*, lpNumberOfBytesRead=0x19efa8*=0x1d72, lpOverlapped=0x0) returned 1 [0258.083] WriteFile (in: hFile=0x394, lpBuffer=0x24963bc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24963bc*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0258.085] ReadFile (in: hFile=0x358, lpBuffer=0x3628c48, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3628c48*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0258.085] CloseHandle (hObject=0x358) returned 1 [0258.086] WriteFile (in: hFile=0x394, lpBuffer=0x24963bc*, nNumberOfBytesToWrite=0xda0, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x24963bc*, lpNumberOfBytesWritten=0x19ef58*=0xda0, lpOverlapped=0x0) returned 1 [0258.086] CloseHandle (hObject=0x394) returned 1 [0258.092] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4oHiOkMBXj9.doc", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\4oHiOkMBXj9.doc", lpFilePart=0x0) returned 0x2f [0258.092] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4oHiOkMBXj9.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4ohiokmbxj9.doc")) returned 1 [0258.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4txGY.xlsx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\4txGY.xlsx.crypted", lpFilePart=0x0) returned 0x32 [0258.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0258.098] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4txGY.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4txgy.xlsx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0258.099] GetFileType (hFile=0x394) returned 0x1 [0258.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0258.099] GetFileType (hFile=0x394) returned 0x1 [0259.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4txGY.xlsx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\4txGY.xlsx", lpFilePart=0x0) returned 0x2a [0259.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0259.484] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4txGY.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4txgy.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0259.484] GetFileType (hFile=0x358) returned 0x1 [0259.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0259.484] GetFileType (hFile=0x358) returned 0x1 [0259.487] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x16e7, lpOverlapped=0x0) returned 1 [0259.498] WriteFile (in: hFile=0x394, lpBuffer=0x237d2e4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x237d2e4*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0259.499] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0259.499] CloseHandle (hObject=0x358) returned 1 [0259.499] WriteFile (in: hFile=0x394, lpBuffer=0x237d2e4*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x237d2e4*, lpNumberOfBytesWritten=0x19ef58*=0x710, lpOverlapped=0x0) returned 1 [0259.499] CloseHandle (hObject=0x394) returned 1 [0259.512] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4txGY.xlsx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\4txGY.xlsx", lpFilePart=0x0) returned 0x2a [0259.513] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4txGY.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4txgy.xlsx")) returned 1 [0259.518] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6hN4c63 FU4H.odp.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\6hN4c63 FU4H.odp.crypted", lpFilePart=0x0) returned 0x38 [0259.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0259.518] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6hN4c63 FU4H.odp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6hn4c63 fu4h.odp.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0259.519] GetFileType (hFile=0x394) returned 0x1 [0259.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0259.519] GetFileType (hFile=0x394) returned 0x1 [0261.137] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6hN4c63 FU4H.odp", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\6hN4c63 FU4H.odp", lpFilePart=0x0) returned 0x30 [0261.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0261.138] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6hN4c63 FU4H.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6hn4c63 fu4h.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0261.138] GetFileType (hFile=0x358) returned 0x1 [0261.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0261.138] GetFileType (hFile=0x358) returned 0x1 [0261.142] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x184d7, lpOverlapped=0x0) returned 1 [0261.163] WriteFile (in: hFile=0x394, lpBuffer=0x246274c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x246274c*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0261.165] WriteFile (in: hFile=0x394, lpBuffer=0x3611568*, nNumberOfBytesToWrite=0x174f0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x3611568*, lpNumberOfBytesWritten=0x19ef80*=0x174f0, lpOverlapped=0x0) returned 1 [0261.167] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0261.167] CloseHandle (hObject=0x358) returned 1 [0261.168] WriteFile (in: hFile=0x394, lpBuffer=0x246274c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x246274c*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0261.168] CloseHandle (hObject=0x394) returned 1 [0261.173] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6hN4c63 FU4H.odp", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\6hN4c63 FU4H.odp", lpFilePart=0x0) returned 0x30 [0261.173] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6hN4c63 FU4H.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6hn4c63 fu4h.odp")) returned 1 [0261.179] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6u7pw7FlU48.pptx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\6u7pw7FlU48.pptx.crypted", lpFilePart=0x0) returned 0x38 [0261.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0261.179] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6u7pw7FlU48.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6u7pw7flu48.pptx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0261.180] GetFileType (hFile=0x394) returned 0x1 [0261.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0261.180] GetFileType (hFile=0x394) returned 0x1 [0262.517] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6u7pw7FlU48.pptx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\6u7pw7FlU48.pptx", lpFilePart=0x0) returned 0x30 [0262.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0262.517] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6u7pw7FlU48.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6u7pw7flu48.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0262.518] GetFileType (hFile=0x358) returned 0x1 [0262.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0262.518] GetFileType (hFile=0x358) returned 0x1 [0262.549] ReadFile (in: hFile=0x358, lpBuffer=0x3628a78, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3628a78*, lpNumberOfBytesRead=0x19efa8*=0xf973, lpOverlapped=0x0) returned 1 [0262.562] WriteFile (in: hFile=0x394, lpBuffer=0x2346558*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2346558*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0262.564] WriteFile (in: hFile=0x394, lpBuffer=0x2348a9c*, nNumberOfBytesToWrite=0xe990, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2348a9c*, lpNumberOfBytesWritten=0x19ef80*=0xe990, lpOverlapped=0x0) returned 1 [0262.565] ReadFile (in: hFile=0x358, lpBuffer=0x3628a78, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3628a78*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0262.565] CloseHandle (hObject=0x358) returned 1 [0262.566] WriteFile (in: hFile=0x394, lpBuffer=0x2346558*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2346558*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0262.566] CloseHandle (hObject=0x394) returned 1 [0262.573] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6u7pw7FlU48.pptx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\6u7pw7FlU48.pptx", lpFilePart=0x0) returned 0x30 [0262.573] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6u7pw7FlU48.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6u7pw7flu48.pptx")) returned 1 [0262.586] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9owOKQ0XPX.docx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\9owOKQ0XPX.docx.crypted", lpFilePart=0x0) returned 0x37 [0262.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0262.586] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9owOKQ0XPX.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\9owokq0xpx.docx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0262.586] GetFileType (hFile=0x394) returned 0x1 [0262.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0262.587] GetFileType (hFile=0x394) returned 0x1 [0263.995] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9owOKQ0XPX.docx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\9owOKQ0XPX.docx", lpFilePart=0x0) returned 0x2f [0263.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0263.996] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9owOKQ0XPX.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\9owokq0xpx.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0263.996] GetFileType (hFile=0x358) returned 0x1 [0263.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0263.996] GetFileType (hFile=0x358) returned 0x1 [0264.001] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0xc4af, lpOverlapped=0x0) returned 1 [0264.014] WriteFile (in: hFile=0x394, lpBuffer=0x243a764*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x243a764*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0264.016] WriteFile (in: hFile=0x394, lpBuffer=0x243cca0*, nNumberOfBytesToWrite=0xb4c0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x243cca0*, lpNumberOfBytesWritten=0x19ef80*=0xb4c0, lpOverlapped=0x0) returned 1 [0264.019] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0264.019] CloseHandle (hObject=0x358) returned 1 [0264.020] WriteFile (in: hFile=0x394, lpBuffer=0x243a764*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x243a764*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0264.020] CloseHandle (hObject=0x394) returned 1 [0264.025] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9owOKQ0XPX.docx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\9owOKQ0XPX.docx", lpFilePart=0x0) returned 0x2f [0264.025] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9owOKQ0XPX.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\9owokq0xpx.docx")) returned 1 [0264.029] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9wXmWGHa4ITFRR.ppt.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\9wXmWGHa4ITFRR.ppt.crypted", lpFilePart=0x0) returned 0x3a [0264.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0264.029] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9wXmWGHa4ITFRR.ppt.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\9wxmwgha4itfrr.ppt.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0264.030] GetFileType (hFile=0x394) returned 0x1 [0264.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0264.030] GetFileType (hFile=0x394) returned 0x1 [0265.345] HeapFree (in: hHeap=0x850000, dwFlags=0x0, lpMem=0x893398 | out: hHeap=0x850000) returned 1 [0265.699] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9wXmWGHa4ITFRR.ppt", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\9wXmWGHa4ITFRR.ppt", lpFilePart=0x0) returned 0x32 [0265.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0265.699] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9wXmWGHa4ITFRR.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\9wxmwgha4itfrr.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0265.702] GetFileType (hFile=0x358) returned 0x1 [0265.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0265.702] GetFileType (hFile=0x358) returned 0x1 [0265.705] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x4cbb, lpOverlapped=0x0) returned 1 [0265.720] WriteFile (in: hFile=0x394, lpBuffer=0x232aae4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x232aae4*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0265.722] WriteFile (in: hFile=0x394, lpBuffer=0x232d030*, nNumberOfBytesToWrite=0x3cd0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x232d030*, lpNumberOfBytesWritten=0x19ef80*=0x3cd0, lpOverlapped=0x0) returned 1 [0265.723] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0265.723] CloseHandle (hObject=0x358) returned 1 [0265.724] WriteFile (in: hFile=0x394, lpBuffer=0x232aae4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x232aae4*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0265.724] CloseHandle (hObject=0x394) returned 1 [0265.728] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9wXmWGHa4ITFRR.ppt", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\9wXmWGHa4ITFRR.ppt", lpFilePart=0x0) returned 0x32 [0265.728] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9wXmWGHa4ITFRR.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\9wxmwgha4itfrr.ppt")) returned 1 [0265.746] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\cfxIXSMlKxJA32om.pptx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\cfxIXSMlKxJA32om.pptx.crypted", lpFilePart=0x0) returned 0x3d [0265.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0265.746] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\cfxIXSMlKxJA32om.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\cfxixsmlkxja32om.pptx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0265.749] GetFileType (hFile=0x394) returned 0x1 [0265.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0265.749] GetFileType (hFile=0x394) returned 0x1 [0267.107] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\cfxIXSMlKxJA32om.pptx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\cfxIXSMlKxJA32om.pptx", lpFilePart=0x0) returned 0x35 [0267.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0267.108] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\cfxIXSMlKxJA32om.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\cfxixsmlkxja32om.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0267.110] GetFileType (hFile=0x358) returned 0x1 [0267.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0267.110] GetFileType (hFile=0x358) returned 0x1 [0267.112] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x18e42, lpOverlapped=0x0) returned 1 [0267.160] WriteFile (in: hFile=0x394, lpBuffer=0x2413700*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2413700*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0267.163] WriteFile (in: hFile=0x394, lpBuffer=0x3411528*, nNumberOfBytesToWrite=0x17e60, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x3411528*, lpNumberOfBytesWritten=0x19ef80*=0x17e60, lpOverlapped=0x0) returned 1 [0267.165] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0267.168] CloseHandle (hObject=0x358) returned 1 [0267.169] WriteFile (in: hFile=0x394, lpBuffer=0x2413700*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2413700*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0267.169] CloseHandle (hObject=0x394) returned 1 [0267.733] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\cfxIXSMlKxJA32om.pptx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\cfxIXSMlKxJA32om.pptx", lpFilePart=0x0) returned 0x35 [0267.733] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\cfxIXSMlKxJA32om.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\cfxixsmlkxja32om.pptx")) returned 1 [0267.738] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\CTq2.pptx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\CTq2.pptx.crypted", lpFilePart=0x0) returned 0x31 [0267.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0267.739] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\CTq2.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ctq2.pptx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0267.740] GetFileType (hFile=0x394) returned 0x1 [0267.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0267.740] GetFileType (hFile=0x394) returned 0x1 [0269.261] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\CTq2.pptx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\CTq2.pptx", lpFilePart=0x0) returned 0x29 [0269.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0269.261] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\CTq2.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ctq2.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0269.261] GetFileType (hFile=0x358) returned 0x1 [0269.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0269.261] GetFileType (hFile=0x358) returned 0x1 [0269.268] ReadFile (in: hFile=0x358, lpBuffer=0x34293a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x34293a8*, lpNumberOfBytesRead=0x19efa8*=0x15235, lpOverlapped=0x0) returned 1 [0269.272] WriteFile (in: hFile=0x394, lpBuffer=0x22f964c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x22f964c*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0269.273] WriteFile (in: hFile=0x394, lpBuffer=0x352a3a8*, nNumberOfBytesToWrite=0x14250, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x352a3a8*, lpNumberOfBytesWritten=0x19ef80*=0x14250, lpOverlapped=0x0) returned 1 [0269.275] ReadFile (in: hFile=0x358, lpBuffer=0x34293a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x34293a8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0269.275] CloseHandle (hObject=0x358) returned 1 [0269.275] WriteFile (in: hFile=0x394, lpBuffer=0x22f964c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x22f964c*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0269.275] CloseHandle (hObject=0x394) returned 1 [0269.278] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\CTq2.pptx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\CTq2.pptx", lpFilePart=0x0) returned 0x29 [0269.278] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\CTq2.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ctq2.pptx")) returned 1 [0269.282] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\d9S_PU2YkSXvYiTdOmKi.pdf.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\d9S_PU2YkSXvYiTdOmKi.pdf.crypted", lpFilePart=0x0) returned 0x40 [0269.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0269.282] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\d9S_PU2YkSXvYiTdOmKi.pdf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\d9s_pu2yksxvyitdomki.pdf.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0269.283] GetFileType (hFile=0x394) returned 0x1 [0269.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0269.283] GetFileType (hFile=0x394) returned 0x1 [0270.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\d9S_PU2YkSXvYiTdOmKi.pdf", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\d9S_PU2YkSXvYiTdOmKi.pdf", lpFilePart=0x0) returned 0x38 [0270.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0270.383] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\d9S_PU2YkSXvYiTdOmKi.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\d9s_pu2yksxvyitdomki.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0270.384] GetFileType (hFile=0x358) returned 0x1 [0270.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0270.384] GetFileType (hFile=0x358) returned 0x1 [0270.386] ReadFile (in: hFile=0x358, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19efa8*=0x17503, lpOverlapped=0x0) returned 1 [0270.402] WriteFile (in: hFile=0x394, lpBuffer=0x23dd678*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23dd678*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0270.403] WriteFile (in: hFile=0x394, lpBuffer=0x353f5f8*, nNumberOfBytesToWrite=0x16520, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x353f5f8*, lpNumberOfBytesWritten=0x19ef80*=0x16520, lpOverlapped=0x0) returned 1 [0270.405] ReadFile (in: hFile=0x358, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0270.405] CloseHandle (hObject=0x358) returned 1 [0270.406] WriteFile (in: hFile=0x394, lpBuffer=0x23dd678*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23dd678*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0270.406] CloseHandle (hObject=0x394) returned 1 [0270.412] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\d9S_PU2YkSXvYiTdOmKi.pdf", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\d9S_PU2YkSXvYiTdOmKi.pdf", lpFilePart=0x0) returned 0x38 [0270.412] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\d9S_PU2YkSXvYiTdOmKi.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\d9s_pu2yksxvyitdomki.pdf")) returned 1 [0270.416] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini.crypted", lpFilePart=0x0) returned 0x33 [0270.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0270.416] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\desktop.ini.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0270.419] GetFileType (hFile=0x394) returned 0x1 [0270.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0270.420] GetFileType (hFile=0x394) returned 0x1 [0272.091] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x2b [0272.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0272.092] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0272.092] GetFileType (hFile=0x358) returned 0x1 [0272.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0272.092] GetFileType (hFile=0x358) returned 0x1 [0272.095] ReadFile (in: hFile=0x358, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19efa8*=0x192, lpOverlapped=0x0) returned 1 [0272.107] ReadFile (in: hFile=0x358, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0272.107] CloseHandle (hObject=0x358) returned 1 [0272.108] WriteFile (in: hFile=0x394, lpBuffer=0x24c16ec*, nNumberOfBytesToWrite=0x1c0, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x24c16ec*, lpNumberOfBytesWritten=0x19ef58*=0x1c0, lpOverlapped=0x0) returned 1 [0272.109] CloseHandle (hObject=0x394) returned 1 [0272.116] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x2b [0272.116] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\desktop.ini")) returned 1 [0272.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\dlKPNzm.xls.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\dlKPNzm.xls.crypted", lpFilePart=0x0) returned 0x33 [0272.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0272.125] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\dlKPNzm.xls.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\dlkpnzm.xls.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0272.126] GetFileType (hFile=0x394) returned 0x1 [0272.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0272.126] GetFileType (hFile=0x394) returned 0x1 [0273.674] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\dlKPNzm.xls", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\dlKPNzm.xls", lpFilePart=0x0) returned 0x2b [0273.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0273.674] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\dlKPNzm.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\dlkpnzm.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0273.675] GetFileType (hFile=0x358) returned 0x1 [0273.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0273.675] GetFileType (hFile=0x358) returned 0x1 [0273.679] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x437a, lpOverlapped=0x0) returned 1 [0273.689] WriteFile (in: hFile=0x394, lpBuffer=0x23a64c4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23a64c4*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0273.691] WriteFile (in: hFile=0x394, lpBuffer=0x23a89f0*, nNumberOfBytesToWrite=0x3390, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23a89f0*, lpNumberOfBytesWritten=0x19ef80*=0x3390, lpOverlapped=0x0) returned 1 [0273.691] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0273.691] CloseHandle (hObject=0x358) returned 1 [0273.692] WriteFile (in: hFile=0x394, lpBuffer=0x23a64c4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23a64c4*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0273.692] CloseHandle (hObject=0x394) returned 1 [0273.694] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\dlKPNzm.xls", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\dlKPNzm.xls", lpFilePart=0x0) returned 0x2b [0273.694] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\dlKPNzm.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\dlkpnzm.xls")) returned 1 [0273.699] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\e3rx.docx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\e3rx.docx.crypted", lpFilePart=0x0) returned 0x31 [0273.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0273.699] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\e3rx.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\e3rx.docx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0273.699] GetFileType (hFile=0x394) returned 0x1 [0273.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0273.699] GetFileType (hFile=0x394) returned 0x1 [0274.982] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\e3rx.docx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\e3rx.docx", lpFilePart=0x0) returned 0x29 [0274.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0274.982] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\e3rx.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\e3rx.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0274.983] GetFileType (hFile=0x358) returned 0x1 [0274.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0274.983] GetFileType (hFile=0x358) returned 0x1 [0274.986] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x179ba, lpOverlapped=0x0) returned 1 [0275.000] WriteFile (in: hFile=0x394, lpBuffer=0x248e8fc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x248e8fc*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0275.001] WriteFile (in: hFile=0x394, lpBuffer=0x3611568*, nNumberOfBytesToWrite=0x169d0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x3611568*, lpNumberOfBytesWritten=0x19ef80*=0x169d0, lpOverlapped=0x0) returned 1 [0275.003] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0275.003] CloseHandle (hObject=0x358) returned 1 [0275.004] WriteFile (in: hFile=0x394, lpBuffer=0x248e8fc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x248e8fc*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0275.004] CloseHandle (hObject=0x394) returned 1 [0275.007] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\e3rx.docx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\e3rx.docx", lpFilePart=0x0) returned 0x29 [0275.007] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\e3rx.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\e3rx.docx")) returned 1 [0275.012] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\elaXp_yU-M7.xls.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\elaXp_yU-M7.xls.crypted", lpFilePart=0x0) returned 0x37 [0275.012] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0275.012] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\elaXp_yU-M7.xls.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\elaxp_yu-m7.xls.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0275.013] GetFileType (hFile=0x394) returned 0x1 [0275.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0275.013] GetFileType (hFile=0x394) returned 0x1 [0276.323] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\elaXp_yU-M7.xls", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\elaXp_yU-M7.xls", lpFilePart=0x0) returned 0x2f [0276.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0276.323] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\elaXp_yU-M7.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\elaxp_yu-m7.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0276.324] GetFileType (hFile=0x358) returned 0x1 [0276.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0276.324] GetFileType (hFile=0x358) returned 0x1 [0276.327] ReadFile (in: hFile=0x358, lpBuffer=0x3627f58, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3627f58*, lpNumberOfBytesRead=0x19efa8*=0x170ad, lpOverlapped=0x0) returned 1 [0276.369] WriteFile (in: hFile=0x394, lpBuffer=0x2372a44*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2372a44*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0276.371] WriteFile (in: hFile=0x394, lpBuffer=0x3411528*, nNumberOfBytesToWrite=0x160c0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x3411528*, lpNumberOfBytesWritten=0x19ef80*=0x160c0, lpOverlapped=0x0) returned 1 [0276.373] ReadFile (in: hFile=0x358, lpBuffer=0x3627f58, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3627f58*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0276.376] CloseHandle (hObject=0x358) returned 1 [0276.377] WriteFile (in: hFile=0x394, lpBuffer=0x2372a44*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2372a44*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0276.377] CloseHandle (hObject=0x394) returned 1 [0276.381] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\elaXp_yU-M7.xls", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\elaXp_yU-M7.xls", lpFilePart=0x0) returned 0x2f [0276.381] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\elaXp_yU-M7.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\elaxp_yu-m7.xls")) returned 1 [0276.388] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F-mhE.xlsx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F-mhE.xlsx.crypted", lpFilePart=0x0) returned 0x32 [0276.388] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0276.388] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F-mhE.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f-mhe.xlsx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0276.389] GetFileType (hFile=0x394) returned 0x1 [0276.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0276.389] GetFileType (hFile=0x394) returned 0x1 [0277.696] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F-mhE.xlsx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F-mhE.xlsx", lpFilePart=0x0) returned 0x2a [0277.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0277.697] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F-mhE.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f-mhe.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0277.698] GetFileType (hFile=0x358) returned 0x1 [0277.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0277.698] GetFileType (hFile=0x358) returned 0x1 [0277.704] ReadFile (in: hFile=0x358, lpBuffer=0x3427608, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3427608*, lpNumberOfBytesRead=0x19efa8*=0xcecb, lpOverlapped=0x0) returned 1 [0277.708] WriteFile (in: hFile=0x394, lpBuffer=0x2457b10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2457b10*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0277.710] WriteFile (in: hFile=0x394, lpBuffer=0x245a03c*, nNumberOfBytesToWrite=0xbee0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x245a03c*, lpNumberOfBytesWritten=0x19ef80*=0xbee0, lpOverlapped=0x0) returned 1 [0277.711] ReadFile (in: hFile=0x358, lpBuffer=0x3427608, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3427608*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0277.711] CloseHandle (hObject=0x358) returned 1 [0277.711] WriteFile (in: hFile=0x394, lpBuffer=0x2457b10*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2457b10*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0277.712] CloseHandle (hObject=0x394) returned 1 [0277.715] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F-mhE.xlsx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F-mhE.xlsx", lpFilePart=0x0) returned 0x2a [0277.716] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F-mhE.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f-mhe.xlsx")) returned 1 [0277.721] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\FEBjEB3GAc8uG9QoiVe.docx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\FEBjEB3GAc8uG9QoiVe.docx.crypted", lpFilePart=0x0) returned 0x40 [0277.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0277.722] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\FEBjEB3GAc8uG9QoiVe.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\febjeb3gac8ug9qoive.docx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0277.723] GetFileType (hFile=0x394) returned 0x1 [0277.723] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0277.723] GetFileType (hFile=0x394) returned 0x1 [0279.382] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\FEBjEB3GAc8uG9QoiVe.docx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\FEBjEB3GAc8uG9QoiVe.docx", lpFilePart=0x0) returned 0x38 [0279.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0279.383] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\FEBjEB3GAc8uG9QoiVe.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\febjeb3gac8ug9qoive.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0279.384] GetFileType (hFile=0x358) returned 0x1 [0279.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0279.385] GetFileType (hFile=0x358) returned 0x1 [0279.394] ReadFile (in: hFile=0x358, lpBuffer=0x3527628, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3527628*, lpNumberOfBytesRead=0x19efa8*=0x7517, lpOverlapped=0x0) returned 1 [0279.397] WriteFile (in: hFile=0x394, lpBuffer=0x2348c58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2348c58*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0279.399] WriteFile (in: hFile=0x394, lpBuffer=0x234b1bc*, nNumberOfBytesToWrite=0x6530, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x234b1bc*, lpNumberOfBytesWritten=0x19ef80*=0x6530, lpOverlapped=0x0) returned 1 [0279.400] ReadFile (in: hFile=0x358, lpBuffer=0x3527628, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3527628*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0279.400] CloseHandle (hObject=0x358) returned 1 [0279.401] WriteFile (in: hFile=0x394, lpBuffer=0x2348c58*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2348c58*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0279.403] CloseHandle (hObject=0x394) returned 1 [0279.406] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\FEBjEB3GAc8uG9QoiVe.docx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\FEBjEB3GAc8uG9QoiVe.docx", lpFilePart=0x0) returned 0x38 [0279.406] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\FEBjEB3GAc8uG9QoiVe.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\febjeb3gac8ug9qoive.docx")) returned 1 [0279.412] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\fRqC9SKMJhEVA.xlsx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\fRqC9SKMJhEVA.xlsx.crypted", lpFilePart=0x0) returned 0x3a [0279.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0279.412] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\fRqC9SKMJhEVA.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\frqc9skmjheva.xlsx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0279.413] GetFileType (hFile=0x394) returned 0x1 [0279.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0279.413] GetFileType (hFile=0x394) returned 0x1 [0280.806] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\fRqC9SKMJhEVA.xlsx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\fRqC9SKMJhEVA.xlsx", lpFilePart=0x0) returned 0x32 [0280.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0280.806] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\fRqC9SKMJhEVA.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\frqc9skmjheva.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0280.808] GetFileType (hFile=0x358) returned 0x1 [0280.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0280.808] GetFileType (hFile=0x358) returned 0x1 [0280.811] ReadFile (in: hFile=0x358, lpBuffer=0x3727f78, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3727f78*, lpNumberOfBytesRead=0x19efa8*=0x5925, lpOverlapped=0x0) returned 1 [0280.829] WriteFile (in: hFile=0x394, lpBuffer=0x2434460*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2434460*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0280.831] WriteFile (in: hFile=0x394, lpBuffer=0x24369ac*, nNumberOfBytesToWrite=0x4940, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24369ac*, lpNumberOfBytesWritten=0x19ef80*=0x4940, lpOverlapped=0x0) returned 1 [0280.832] ReadFile (in: hFile=0x358, lpBuffer=0x3727f78, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3727f78*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0280.832] CloseHandle (hObject=0x358) returned 1 [0280.833] WriteFile (in: hFile=0x394, lpBuffer=0x2434460*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2434460*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0280.833] CloseHandle (hObject=0x394) returned 1 [0280.861] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\fRqC9SKMJhEVA.xlsx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\fRqC9SKMJhEVA.xlsx", lpFilePart=0x0) returned 0x32 [0280.861] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\fRqC9SKMJhEVA.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\frqc9skmjheva.xlsx")) returned 1 [0280.871] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\gS1iFOFgOpmDYFaP2.csv.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\gS1iFOFgOpmDYFaP2.csv.crypted", lpFilePart=0x0) returned 0x3d [0280.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0280.872] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\gS1iFOFgOpmDYFaP2.csv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\gs1ifofgopmdyfap2.csv.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0280.873] GetFileType (hFile=0x394) returned 0x1 [0280.873] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0280.873] GetFileType (hFile=0x394) returned 0x1 [0282.225] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\gS1iFOFgOpmDYFaP2.csv", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\gS1iFOFgOpmDYFaP2.csv", lpFilePart=0x0) returned 0x35 [0282.225] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0282.225] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\gS1iFOFgOpmDYFaP2.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\gs1ifofgopmdyfap2.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0282.225] GetFileType (hFile=0x358) returned 0x1 [0282.225] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0282.226] GetFileType (hFile=0x358) returned 0x1 [0282.230] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x258b, lpOverlapped=0x0) returned 1 [0282.250] WriteFile (in: hFile=0x394, lpBuffer=0x2320064*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2320064*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0282.251] WriteFile (in: hFile=0x394, lpBuffer=0x23225b8*, nNumberOfBytesToWrite=0x15a0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23225b8*, lpNumberOfBytesWritten=0x19ef80*=0x15a0, lpOverlapped=0x0) returned 1 [0282.252] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0282.252] CloseHandle (hObject=0x358) returned 1 [0282.253] WriteFile (in: hFile=0x394, lpBuffer=0x2320064*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2320064*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0282.253] CloseHandle (hObject=0x394) returned 1 [0282.254] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\gS1iFOFgOpmDYFaP2.csv", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\gS1iFOFgOpmDYFaP2.csv", lpFilePart=0x0) returned 0x35 [0282.254] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\gS1iFOFgOpmDYFaP2.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\gs1ifofgopmdyfap2.csv")) returned 1 [0282.260] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Jyexb.pptx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Jyexb.pptx.crypted", lpFilePart=0x0) returned 0x32 [0282.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0282.261] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Jyexb.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jyexb.pptx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0282.262] GetFileType (hFile=0x394) returned 0x1 [0282.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0282.262] GetFileType (hFile=0x394) returned 0x1 [0283.477] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Jyexb.pptx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Jyexb.pptx", lpFilePart=0x0) returned 0x2a [0283.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0283.477] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Jyexb.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jyexb.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0283.477] GetFileType (hFile=0x358) returned 0x1 [0283.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0283.477] GetFileType (hFile=0x358) returned 0x1 [0283.480] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0xc599, lpOverlapped=0x0) returned 1 [0283.493] WriteFile (in: hFile=0x394, lpBuffer=0x2406914*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2406914*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0283.494] WriteFile (in: hFile=0x394, lpBuffer=0x2408e40*, nNumberOfBytesToWrite=0xb5b0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2408e40*, lpNumberOfBytesWritten=0x19ef80*=0xb5b0, lpOverlapped=0x0) returned 1 [0283.495] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0283.495] CloseHandle (hObject=0x358) returned 1 [0283.496] WriteFile (in: hFile=0x394, lpBuffer=0x2406914*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2406914*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0283.496] CloseHandle (hObject=0x394) returned 1 [0283.499] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Jyexb.pptx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Jyexb.pptx", lpFilePart=0x0) returned 0x2a [0283.499] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Jyexb.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jyexb.pptx")) returned 1 [0283.502] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\mu_vUwdrfz9nK.pdf.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\mu_vUwdrfz9nK.pdf.crypted", lpFilePart=0x0) returned 0x39 [0283.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0283.503] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\mu_vUwdrfz9nK.pdf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\mu_vuwdrfz9nk.pdf.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0283.503] GetFileType (hFile=0x394) returned 0x1 [0283.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0283.503] GetFileType (hFile=0x394) returned 0x1 [0284.957] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\mu_vUwdrfz9nK.pdf", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\mu_vUwdrfz9nK.pdf", lpFilePart=0x0) returned 0x31 [0284.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0284.958] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\mu_vUwdrfz9nK.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\mu_vuwdrfz9nk.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0284.959] GetFileType (hFile=0x358) returned 0x1 [0284.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0284.959] GetFileType (hFile=0x358) returned 0x1 [0284.962] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x15648, lpOverlapped=0x0) returned 1 [0285.000] WriteFile (in: hFile=0x394, lpBuffer=0x22f723c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x22f723c*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0285.002] WriteFile (in: hFile=0x394, lpBuffer=0x3411528*, nNumberOfBytesToWrite=0x14660, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x3411528*, lpNumberOfBytesWritten=0x19ef80*=0x14660, lpOverlapped=0x0) returned 1 [0285.004] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0285.007] CloseHandle (hObject=0x358) returned 1 [0285.008] WriteFile (in: hFile=0x394, lpBuffer=0x22f723c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x22f723c*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0285.008] CloseHandle (hObject=0x394) returned 1 [0285.012] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\mu_vUwdrfz9nK.pdf", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\mu_vUwdrfz9nK.pdf", lpFilePart=0x0) returned 0x31 [0285.012] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\mu_vUwdrfz9nK.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\mu_vuwdrfz9nk.pdf")) returned 1 [0285.017] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nm8X6ZirdLU8kVJc.ots.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\nm8X6ZirdLU8kVJc.ots.crypted", lpFilePart=0x0) returned 0x3c [0285.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0285.017] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nm8X6ZirdLU8kVJc.ots.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nm8x6zirdlu8kvjc.ots.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0285.018] GetFileType (hFile=0x394) returned 0x1 [0285.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0285.018] GetFileType (hFile=0x394) returned 0x1 [0286.474] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nm8X6ZirdLU8kVJc.ots", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\nm8X6ZirdLU8kVJc.ots", lpFilePart=0x0) returned 0x34 [0286.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0286.474] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nm8X6ZirdLU8kVJc.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nm8x6zirdlu8kvjc.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0286.478] GetFileType (hFile=0x358) returned 0x1 [0286.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0286.478] GetFileType (hFile=0x358) returned 0x1 [0286.482] ReadFile (in: hFile=0x358, lpBuffer=0x3425ba8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3425ba8*, lpNumberOfBytesRead=0x19efa8*=0x8cde, lpOverlapped=0x0) returned 1 [0286.485] WriteFile (in: hFile=0x394, lpBuffer=0x23dc030*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23dc030*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0286.486] WriteFile (in: hFile=0x394, lpBuffer=0x23de584*, nNumberOfBytesToWrite=0x7cf0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23de584*, lpNumberOfBytesWritten=0x19ef80*=0x7cf0, lpOverlapped=0x0) returned 1 [0286.487] ReadFile (in: hFile=0x358, lpBuffer=0x3425ba8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3425ba8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0286.487] CloseHandle (hObject=0x358) returned 1 [0286.488] WriteFile (in: hFile=0x394, lpBuffer=0x23dc030*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23dc030*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0286.488] CloseHandle (hObject=0x394) returned 1 [0286.492] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nm8X6ZirdLU8kVJc.ots", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\nm8X6ZirdLU8kVJc.ots", lpFilePart=0x0) returned 0x34 [0286.492] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nm8X6ZirdLU8kVJc.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nm8x6zirdlu8kvjc.ots")) returned 1 [0286.496] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RUjn1OdArdO.pptx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\RUjn1OdArdO.pptx.crypted", lpFilePart=0x0) returned 0x38 [0286.497] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0286.497] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RUjn1OdArdO.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\rujn1odardo.pptx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0286.497] GetFileType (hFile=0x394) returned 0x1 [0286.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0286.498] GetFileType (hFile=0x394) returned 0x1 [0287.856] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RUjn1OdArdO.pptx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\RUjn1OdArdO.pptx", lpFilePart=0x0) returned 0x30 [0287.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0287.856] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RUjn1OdArdO.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\rujn1odardo.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0287.856] GetFileType (hFile=0x358) returned 0x1 [0287.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0287.857] GetFileType (hFile=0x358) returned 0x1 [0287.859] ReadFile (in: hFile=0x358, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19efa8*=0xee8d, lpOverlapped=0x0) returned 1 [0287.874] WriteFile (in: hFile=0x394, lpBuffer=0x24c91bc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24c91bc*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0287.875] WriteFile (in: hFile=0x394, lpBuffer=0x24cb700*, nNumberOfBytesToWrite=0xdea0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24cb700*, lpNumberOfBytesWritten=0x19ef80*=0xdea0, lpOverlapped=0x0) returned 1 [0287.876] ReadFile (in: hFile=0x358, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0287.877] CloseHandle (hObject=0x358) returned 1 [0287.877] WriteFile (in: hFile=0x394, lpBuffer=0x24c91bc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x24c91bc*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0287.877] CloseHandle (hObject=0x394) returned 1 [0287.880] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RUjn1OdArdO.pptx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\RUjn1OdArdO.pptx", lpFilePart=0x0) returned 0x30 [0287.880] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\RUjn1OdArdO.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\rujn1odardo.pptx")) returned 1 [0287.885] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\R_yNy4eoI-Ial9bDJahm.xlsx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\R_yNy4eoI-Ial9bDJahm.xlsx.crypted", lpFilePart=0x0) returned 0x41 [0287.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0287.886] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\R_yNy4eoI-Ial9bDJahm.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\r_yny4eoi-ial9bdjahm.xlsx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0287.886] GetFileType (hFile=0x394) returned 0x1 [0287.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0287.886] GetFileType (hFile=0x394) returned 0x1 [0289.549] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\R_yNy4eoI-Ial9bDJahm.xlsx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\R_yNy4eoI-Ial9bDJahm.xlsx", lpFilePart=0x0) returned 0x39 [0289.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0289.550] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\R_yNy4eoI-Ial9bDJahm.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\r_yny4eoi-ial9bdjahm.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0289.551] GetFileType (hFile=0x358) returned 0x1 [0289.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0289.551] GetFileType (hFile=0x358) returned 0x1 [0289.555] ReadFile (in: hFile=0x358, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19efa8*=0x61a7, lpOverlapped=0x0) returned 1 [0289.576] WriteFile (in: hFile=0x394, lpBuffer=0x23bc59c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23bc59c*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0289.577] WriteFile (in: hFile=0x394, lpBuffer=0x23beb00*, nNumberOfBytesToWrite=0x51c0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23beb00*, lpNumberOfBytesWritten=0x19ef80*=0x51c0, lpOverlapped=0x0) returned 1 [0289.578] ReadFile (in: hFile=0x358, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0289.578] CloseHandle (hObject=0x358) returned 1 [0289.579] WriteFile (in: hFile=0x394, lpBuffer=0x23bc59c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23bc59c*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0289.579] CloseHandle (hObject=0x394) returned 1 [0289.581] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\R_yNy4eoI-Ial9bDJahm.xlsx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\R_yNy4eoI-Ial9bDJahm.xlsx", lpFilePart=0x0) returned 0x39 [0289.581] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\R_yNy4eoI-Ial9bDJahm.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\r_yny4eoi-ial9bdjahm.xlsx")) returned 1 [0289.601] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sSCtLBz1rRC.docx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\sSCtLBz1rRC.docx.crypted", lpFilePart=0x0) returned 0x38 [0289.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0289.601] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sSCtLBz1rRC.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ssctlbz1rrc.docx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0289.602] GetFileType (hFile=0x394) returned 0x1 [0289.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0289.602] GetFileType (hFile=0x394) returned 0x1 [0291.029] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sSCtLBz1rRC.docx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\sSCtLBz1rRC.docx", lpFilePart=0x0) returned 0x30 [0291.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0291.029] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sSCtLBz1rRC.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ssctlbz1rrc.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0291.030] GetFileType (hFile=0x358) returned 0x1 [0291.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0291.030] GetFileType (hFile=0x358) returned 0x1 [0291.034] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x2c10, lpOverlapped=0x0) returned 1 [0291.046] WriteFile (in: hFile=0x394, lpBuffer=0x24a8464*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24a8464*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0291.047] WriteFile (in: hFile=0x394, lpBuffer=0x24aa9a8*, nNumberOfBytesToWrite=0x1c30, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24aa9a8*, lpNumberOfBytesWritten=0x19ef80*=0x1c30, lpOverlapped=0x0) returned 1 [0291.048] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0291.048] CloseHandle (hObject=0x358) returned 1 [0291.048] WriteFile (in: hFile=0x394, lpBuffer=0x24a8464*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x24a8464*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0291.049] CloseHandle (hObject=0x394) returned 1 [0291.050] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sSCtLBz1rRC.docx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\sSCtLBz1rRC.docx", lpFilePart=0x0) returned 0x30 [0291.050] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sSCtLBz1rRC.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ssctlbz1rrc.docx")) returned 1 [0291.055] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sS__yUDQ6eVd.xls.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\sS__yUDQ6eVd.xls.crypted", lpFilePart=0x0) returned 0x38 [0291.055] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0291.055] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sS__yUDQ6eVd.xls.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ss__yudq6evd.xls.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0291.056] GetFileType (hFile=0x394) returned 0x1 [0291.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0291.056] GetFileType (hFile=0x394) returned 0x1 [0292.233] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sS__yUDQ6eVd.xls", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\sS__yUDQ6eVd.xls", lpFilePart=0x0) returned 0x30 [0292.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0292.234] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sS__yUDQ6eVd.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ss__yudq6evd.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0292.235] GetFileType (hFile=0x358) returned 0x1 [0292.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0292.235] GetFileType (hFile=0x358) returned 0x1 [0292.238] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0xfb0b, lpOverlapped=0x0) returned 1 [0292.254] WriteFile (in: hFile=0x394, lpBuffer=0x238f670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x238f670*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0292.259] WriteFile (in: hFile=0x394, lpBuffer=0x2391bb4*, nNumberOfBytesToWrite=0xeb20, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2391bb4*, lpNumberOfBytesWritten=0x19ef80*=0xeb20, lpOverlapped=0x0) returned 1 [0292.260] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0292.260] CloseHandle (hObject=0x358) returned 1 [0292.261] WriteFile (in: hFile=0x394, lpBuffer=0x238f670*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x238f670*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0292.261] CloseHandle (hObject=0x394) returned 1 [0292.264] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sS__yUDQ6eVd.xls", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\sS__yUDQ6eVd.xls", lpFilePart=0x0) returned 0x30 [0292.264] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sS__yUDQ6eVd.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ss__yudq6evd.xls")) returned 1 [0292.270] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Tkfw1r1M5TW5.xlsx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Tkfw1r1M5TW5.xlsx.crypted", lpFilePart=0x0) returned 0x39 [0292.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0292.270] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Tkfw1r1M5TW5.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\tkfw1r1m5tw5.xlsx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0292.271] GetFileType (hFile=0x394) returned 0x1 [0292.271] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0292.271] GetFileType (hFile=0x394) returned 0x1 [0293.743] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Tkfw1r1M5TW5.xlsx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Tkfw1r1M5TW5.xlsx", lpFilePart=0x0) returned 0x31 [0293.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0293.743] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Tkfw1r1M5TW5.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\tkfw1r1m5tw5.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0293.744] GetFileType (hFile=0x358) returned 0x1 [0293.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0293.744] GetFileType (hFile=0x358) returned 0x1 [0293.749] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x16f49, lpOverlapped=0x0) returned 1 [0293.818] WriteFile (in: hFile=0x394, lpBuffer=0x24837c4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x24837c4*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0293.821] WriteFile (in: hFile=0x394, lpBuffer=0x3411528*, nNumberOfBytesToWrite=0x15f60, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x3411528*, lpNumberOfBytesWritten=0x19ef80*=0x15f60, lpOverlapped=0x0) returned 1 [0293.824] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0293.827] CloseHandle (hObject=0x358) returned 1 [0293.828] WriteFile (in: hFile=0x394, lpBuffer=0x24837c4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x24837c4*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0293.829] CloseHandle (hObject=0x394) returned 1 [0293.835] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Tkfw1r1M5TW5.xlsx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Tkfw1r1M5TW5.xlsx", lpFilePart=0x0) returned 0x31 [0293.835] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Tkfw1r1M5TW5.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\tkfw1r1m5tw5.xlsx")) returned 1 [0293.849] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\UWMAv1LvMInByi.odt.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\UWMAv1LvMInByi.odt.crypted", lpFilePart=0x0) returned 0x3a [0293.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0293.850] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\UWMAv1LvMInByi.odt.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\uwmav1lvminbyi.odt.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0293.852] GetFileType (hFile=0x394) returned 0x1 [0293.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0293.852] GetFileType (hFile=0x394) returned 0x1 [0295.285] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\UWMAv1LvMInByi.odt", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\UWMAv1LvMInByi.odt", lpFilePart=0x0) returned 0x32 [0295.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0295.285] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\UWMAv1LvMInByi.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\uwmav1lvminbyi.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0295.287] GetFileType (hFile=0x358) returned 0x1 [0295.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0295.287] GetFileType (hFile=0x358) returned 0x1 [0295.295] ReadFile (in: hFile=0x358, lpBuffer=0x34274a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x34274a8*, lpNumberOfBytesRead=0x19efa8*=0x18d66, lpOverlapped=0x0) returned 1 [0295.303] WriteFile (in: hFile=0x394, lpBuffer=0x2368474*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2368474*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0295.306] WriteFile (in: hFile=0x394, lpBuffer=0x35284a8*, nNumberOfBytesToWrite=0x17d80, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x35284a8*, lpNumberOfBytesWritten=0x19ef80*=0x17d80, lpOverlapped=0x0) returned 1 [0295.308] ReadFile (in: hFile=0x358, lpBuffer=0x34274a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x34274a8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0295.308] CloseHandle (hObject=0x358) returned 1 [0295.309] WriteFile (in: hFile=0x394, lpBuffer=0x2368474*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x2368474*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0295.310] CloseHandle (hObject=0x394) returned 1 [0295.314] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\UWMAv1LvMInByi.odt", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\UWMAv1LvMInByi.odt", lpFilePart=0x0) returned 0x32 [0295.314] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\UWMAv1LvMInByi.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\uwmav1lvminbyi.odt")) returned 1 [0295.337] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\V4j6Gj72.doc.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\V4j6Gj72.doc.crypted", lpFilePart=0x0) returned 0x34 [0295.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0295.337] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\V4j6Gj72.doc.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\v4j6gj72.doc.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0295.338] GetFileType (hFile=0x394) returned 0x1 [0295.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0295.338] GetFileType (hFile=0x394) returned 0x1 [0296.886] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\V4j6Gj72.doc", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\V4j6Gj72.doc", lpFilePart=0x0) returned 0x2c [0296.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0296.887] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\V4j6Gj72.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\v4j6gj72.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0296.889] GetFileType (hFile=0x358) returned 0x1 [0296.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0296.889] GetFileType (hFile=0x358) returned 0x1 [0296.892] ReadFile (in: hFile=0x358, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19efa8*=0x12f9, lpOverlapped=0x0) returned 1 [0296.908] WriteFile (in: hFile=0x394, lpBuffer=0x244cb70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x244cb70*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0296.910] ReadFile (in: hFile=0x358, lpBuffer=0x37105a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x37105a8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0296.910] CloseHandle (hObject=0x358) returned 1 [0296.913] WriteFile (in: hFile=0x394, lpBuffer=0x244cb70*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x244cb70*, lpNumberOfBytesWritten=0x19ef58*=0x320, lpOverlapped=0x0) returned 1 [0296.914] CloseHandle (hObject=0x394) returned 1 [0296.916] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\V4j6Gj72.doc", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\V4j6Gj72.doc", lpFilePart=0x0) returned 0x2c [0296.917] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\V4j6Gj72.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\v4j6gj72.doc")) returned 1 [0296.927] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VVIj_dir5hfjCIYqyEk2.pps.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\VVIj_dir5hfjCIYqyEk2.pps.crypted", lpFilePart=0x0) returned 0x40 [0296.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0296.927] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VVIj_dir5hfjCIYqyEk2.pps.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vvij_dir5hfjciyqyek2.pps.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0296.928] GetFileType (hFile=0x394) returned 0x1 [0296.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0296.929] GetFileType (hFile=0x394) returned 0x1 [0298.567] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VVIj_dir5hfjCIYqyEk2.pps", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\VVIj_dir5hfjCIYqyEk2.pps", lpFilePart=0x0) returned 0x38 [0298.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0298.567] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VVIj_dir5hfjCIYqyEk2.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vvij_dir5hfjciyqyek2.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0298.568] GetFileType (hFile=0x358) returned 0x1 [0298.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0298.568] GetFileType (hFile=0x358) returned 0x1 [0298.572] ReadFile (in: hFile=0x358, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19efa8*=0x47a2, lpOverlapped=0x0) returned 1 [0298.602] WriteFile (in: hFile=0x394, lpBuffer=0x23325f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23325f8*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0298.604] WriteFile (in: hFile=0x394, lpBuffer=0x2334b5c*, nNumberOfBytesToWrite=0x37c0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2334b5c*, lpNumberOfBytesWritten=0x19ef80*=0x37c0, lpOverlapped=0x0) returned 1 [0298.604] ReadFile (in: hFile=0x358, lpBuffer=0x38105c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x38105c8*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0298.604] CloseHandle (hObject=0x358) returned 1 [0298.605] WriteFile (in: hFile=0x394, lpBuffer=0x23325f8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23325f8*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0298.606] CloseHandle (hObject=0x394) returned 1 [0298.608] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VVIj_dir5hfjCIYqyEk2.pps", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\VVIj_dir5hfjCIYqyEk2.pps", lpFilePart=0x0) returned 0x38 [0298.608] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VVIj_dir5hfjCIYqyEk2.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vvij_dir5hfjciyqyek2.pps")) returned 1 [0298.616] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\zeGkvyC5a.pptx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\zeGkvyC5a.pptx.crypted", lpFilePart=0x0) returned 0x36 [0298.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0298.616] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\zeGkvyC5a.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\zegkvyc5a.pptx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0298.617] GetFileType (hFile=0x394) returned 0x1 [0298.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0298.617] GetFileType (hFile=0x394) returned 0x1 [0300.400] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\zeGkvyC5a.pptx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\zeGkvyC5a.pptx", lpFilePart=0x0) returned 0x2e [0300.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0300.400] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\zeGkvyC5a.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\zegkvyc5a.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0300.401] GetFileType (hFile=0x358) returned 0x1 [0300.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0300.401] GetFileType (hFile=0x358) returned 0x1 [0300.406] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x1919, lpOverlapped=0x0) returned 1 [0300.421] WriteFile (in: hFile=0x394, lpBuffer=0x241c7f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x241c7f8*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0300.423] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0300.423] CloseHandle (hObject=0x358) returned 1 [0300.424] WriteFile (in: hFile=0x394, lpBuffer=0x241c7f8*, nNumberOfBytesToWrite=0x940, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x241c7f8*, lpNumberOfBytesWritten=0x19ef58*=0x940, lpOverlapped=0x0) returned 1 [0300.425] CloseHandle (hObject=0x394) returned 1 [0300.427] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\zeGkvyC5a.pptx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\zeGkvyC5a.pptx", lpFilePart=0x0) returned 0x2e [0300.427] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\zeGkvyC5a.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\zegkvyc5a.pptx")) returned 1 [0300.434] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\zR8r9B.docx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\zR8r9B.docx.crypted", lpFilePart=0x0) returned 0x33 [0300.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0300.434] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\zR8r9B.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\zr8r9b.docx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0300.437] GetFileType (hFile=0x394) returned 0x1 [0300.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0300.437] GetFileType (hFile=0x394) returned 0x1 [0302.066] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\zR8r9B.docx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\zR8r9B.docx", lpFilePart=0x0) returned 0x2b [0302.066] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0302.067] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\zR8r9B.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\zr8r9b.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0302.067] GetFileType (hFile=0x358) returned 0x1 [0302.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0302.067] GetFileType (hFile=0x358) returned 0x1 [0302.071] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x72d0, lpOverlapped=0x0) returned 1 [0302.088] WriteFile (in: hFile=0x394, lpBuffer=0x23028e4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23028e4*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0302.089] WriteFile (in: hFile=0x394, lpBuffer=0x2304e10*, nNumberOfBytesToWrite=0x62f0, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2304e10*, lpNumberOfBytesWritten=0x19ef80*=0x62f0, lpOverlapped=0x0) returned 1 [0302.090] ReadFile (in: hFile=0x358, lpBuffer=0x3510568, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3510568*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0302.091] CloseHandle (hObject=0x358) returned 1 [0302.093] WriteFile (in: hFile=0x394, lpBuffer=0x23028e4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23028e4*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0302.093] CloseHandle (hObject=0x394) returned 1 [0302.100] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\zR8r9B.docx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\zR8r9B.docx", lpFilePart=0x0) returned 0x2b [0302.100] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\zR8r9B.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\zr8r9b.docx")) returned 1 [0302.108] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ZZW2.pptx.crypted", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\ZZW2.pptx.crypted", lpFilePart=0x0) returned 0x31 [0302.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0302.109] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ZZW2.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\zzw2.pptx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0302.110] GetFileType (hFile=0x394) returned 0x1 [0302.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0302.110] GetFileType (hFile=0x394) returned 0x1 [0303.849] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ZZW2.pptx", nBufferLength=0x105, lpBuffer=0x19e9f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\ZZW2.pptx", lpFilePart=0x0) returned 0x29 [0303.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eee8) returned 1 [0303.850] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ZZW2.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\zzw2.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0303.850] GetFileType (hFile=0x358) returned 0x1 [0303.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eee4) returned 1 [0303.850] GetFileType (hFile=0x358) returned 0x1 [0303.854] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0xe565, lpOverlapped=0x0) returned 1 [0303.873] WriteFile (in: hFile=0x394, lpBuffer=0x23ee3a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23ee3a0*, lpNumberOfBytesWritten=0x19ef80*=0x1000, lpOverlapped=0x0) returned 1 [0303.874] WriteFile (in: hFile=0x394, lpBuffer=0x23f08c4*, nNumberOfBytesToWrite=0xd580, lpNumberOfBytesWritten=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x23f08c4*, lpNumberOfBytesWritten=0x19ef80*=0xd580, lpOverlapped=0x0) returned 1 [0303.875] ReadFile (in: hFile=0x358, lpBuffer=0x3610588, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19efa8, lpOverlapped=0x0 | out: lpBuffer=0x3610588*, lpNumberOfBytesRead=0x19efa8*=0x0, lpOverlapped=0x0) returned 1 [0303.875] CloseHandle (hObject=0x358) returned 1 [0303.876] WriteFile (in: hFile=0x394, lpBuffer=0x23ee3a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef58, lpOverlapped=0x0 | out: lpBuffer=0x23ee3a0*, lpNumberOfBytesWritten=0x19ef58*=0x10, lpOverlapped=0x0) returned 1 [0303.877] CloseHandle (hObject=0x394) returned 1 [0303.887] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ZZW2.pptx", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\ZZW2.pptx", lpFilePart=0x0) returned 0x29 [0303.888] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ZZW2.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\zzw2.pptx")) returned 1 [0303.896] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eff0) returned 1 [0303.896] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0303.896] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\", nBufferLength=0x105, lpBuffer=0x19eacc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\", lpFilePart=0x0) returned 0x20 [0303.898] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*", lpFindFileData=0x19ed18 | out: lpFindFileData=0x19ed18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58809748, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0xdbeb2745, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a7670 [0303.899] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58809748, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0xdbeb2745, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0303.900] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc69f460, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xbc69f460, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xbd562fcd, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xcaf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-dKCymjM6t.xls.crypted", cAlternateFileName="-DKCYM~1.CRY")) returned 1 [0303.900] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd5713c4, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xbd5713c4, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xbe65aff2, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x12de0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0i4blKWnXDBzRDzcOs.pps.crypted", cAlternateFileName="0I4BLK~1.CRY")) returned 1 [0303.901] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe676f5c, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xbe676f5c, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xbf9ff502, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x186d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4AvDU315bNLSZ.docx.crypted", cAlternateFileName="4AVDU3~1.CRY")) returned 1 [0303.911] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfa14102, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xbfa14102, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xc09e5280, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x1da0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4oHiOkMBXj9.doc.crypted", cAlternateFileName="4OHIOK~1.CRY")) returned 1 [0303.912] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc09f65fc, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xc09f65fc, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xc1770259, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x1710, dwReserved0=0x0, dwReserved1=0x0, cFileName="4txGY.xlsx.crypted", cAlternateFileName="4TXGYX~1.CRY")) returned 1 [0303.912] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1780267, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xc1780267, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xc2745fc1, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x18500, dwReserved0=0x0, dwReserved1=0x0, cFileName="6hN4c63 FU4H.odp.crypted", cAlternateFileName="6HN4C6~1.CRY")) returned 1 [0303.913] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc2755e3a, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xc2755e3a, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xc34a0b3a, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xf9a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6u7pw7FlU48.pptx.crypted", cAlternateFileName="6U7PW7~1.CRY")) returned 1 [0303.913] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc34c1287, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xc34c1287, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xc4277cf6, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xc4d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="9owOKQ0XPX.docx.crypted", cAlternateFileName="9OWOKQ~1.CRY")) returned 1 [0303.914] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc428572c, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xc428572c, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xc52b6b94, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x4ce0, dwReserved0=0x0, dwReserved1=0x0, cFileName="9wXmWGHa4ITFRR.ppt.crypted", cAlternateFileName="9WXMWG~1.CRY")) returned 1 [0303.914] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc52e97b6, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xc52e97b6, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xc65d4f27, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x18e70, dwReserved0=0x0, dwReserved1=0x0, cFileName="cfxIXSMlKxJA32om.pptx.crypted", cAlternateFileName="CFXIXS~1.CRY")) returned 1 [0303.915] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc65e6125, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xc65e6125, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xc74933b3, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x15260, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTq2.pptx.crypted", cAlternateFileName="CTQ2PP~1.CRY")) returned 1 [0303.915] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc749d6c3, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xc749d6c3, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xc7f61fce, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x17530, dwReserved0=0x0, dwReserved1=0x0, cFileName="d9S_PU2YkSXvYiTdOmKi.pdf.crypted", cAlternateFileName="D9S_PU~1.CRY")) returned 1 [0303.916] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7f6f50a, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xc7f6f50a, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xc8fa1682, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x1c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.crypted", cAlternateFileName="DESKTO~1.CRY")) returned 1 [0303.916] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8fb9af8, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xc8fb9af8, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xc9eaf466, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x43a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dlKPNzm.xls.crypted", cAlternateFileName="DLKPNZ~1.CRY")) returned 1 [0303.917] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9ebc1d5, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xc9ebc1d5, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xcab360ed, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x179e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e3rx.docx.crypted", cAlternateFileName="E3RXDO~1.CRY")) returned 1 [0303.917] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcab43224, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xcab43224, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xcb84fe8c, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x170d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="elaXp_yU-M7.xls.crypted", cAlternateFileName="ELAXP_~1.CRY")) returned 1 [0303.918] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb85f240, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xcb85f240, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xcc5099f4, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xcef0, dwReserved0=0x0, dwReserved1=0x0, cFileName="F-mhE.xlsx.crypted", cAlternateFileName="F-MHEX~1.CRY")) returned 1 [0303.918] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc51ac63, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xcc51ac63, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xcd528797, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x7540, dwReserved0=0x0, dwReserved1=0x0, cFileName="FEBjEB3GAc8uG9QoiVe.docx.crypted", cAlternateFileName="FEBJEB~1.CRY")) returned 1 [0303.919] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd539aff, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xcd539aff, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xce308b91, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x5950, dwReserved0=0x0, dwReserved1=0x0, cFileName="fRqC9SKMJhEVA.xlsx.crypted", cAlternateFileName="FRQC9S~1.CRY")) returned 1 [0303.919] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce3260b4, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xce3260b4, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xcf053304, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x25b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gS1iFOFgOpmDYFaP2.csv.crypted", cAlternateFileName="GS1IFO~1.CRY")) returned 1 [0303.920] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb4ebeb50, ftCreationTime.dwHighDateTime=0x1d6fec9, ftLastAccessTime.dwLowDateTime=0x1d03fb0, ftLastAccessTime.dwHighDateTime=0x1d7023b, ftLastWriteTime.dwLowDateTime=0x1d03fb0, ftLastWriteTime.dwHighDateTime=0x1d7023b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IDhWz54EjpbS8oH", cAlternateFileName="IDHWZ5~1")) returned 1 [0303.920] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf063e46, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xcf063e46, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xcfc30f95, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xc5c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jyexb.pptx.crypted", cAlternateFileName="JYEXBP~1.CRY")) returned 1 [0303.921] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc3b3d2, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xcfc3b3d2, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xd0a9fce4, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x15670, dwReserved0=0x0, dwReserved1=0x0, cFileName="mu_vUwdrfz9nK.pdf.crypted", cAlternateFileName="MU_VUW~1.CRY")) returned 1 [0303.921] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0303.922] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0303.922] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0303.923] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0aac0e8, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xd0aac0e8, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xd18bc244, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x8d00, dwReserved0=0x0, dwReserved1=0x0, cFileName="nm8X6ZirdLU8kVJc.ots.crypted", cAlternateFileName="NM8X6Z~1.CRY")) returned 1 [0303.923] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x65ef9a5c, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x65ef9a5c, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0303.924] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd18c973e, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xd18c973e, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xd25f92c9, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xeeb0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RUjn1OdArdO.pptx.crypted", cAlternateFileName="RUJN1O~1.CRY")) returned 1 [0303.924] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2606927, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xd2606927, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xd3633319, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x61d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="R_yNy4eoI-Ial9bDJahm.xlsx.crypted", cAlternateFileName="R_YNY4~1.CRY")) returned 1 [0303.925] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36649dd, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xd36649dd, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xd44348dd, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x2c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="sSCtLBz1rRC.docx.crypted", cAlternateFileName="SSCTLB~1.CRY")) returned 1 [0303.925] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4441d70, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xd4441d70, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xd4fc7cc0, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xfb30, dwReserved0=0x0, dwReserved1=0x0, cFileName="sS__yUDQ6eVd.xls.crypted", cAlternateFileName="SS__YU~1.CRY")) returned 1 [0303.927] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4fd9e12, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xd4fd9e12, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xd5ec3874, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x16f70, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tkfw1r1M5TW5.xlsx.crypted", cAlternateFileName="TKFW1R~1.CRY")) returned 1 [0303.928] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5eebd88, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xd5eebd88, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xd6cdea7b, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x18d90, dwReserved0=0x0, dwReserved1=0x0, cFileName="UWMAv1LvMInByi.odt.crypted", cAlternateFileName="UWMAV1~1.CRY")) returned 1 [0303.928] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6d18803, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xd6d18803, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xd7c24c5c, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x1320, dwReserved0=0x0, dwReserved1=0x0, cFileName="V4j6Gj72.doc.crypted", cAlternateFileName="V4J6GJ~1.CRY")) returned 1 [0303.929] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c43a4d, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xd7c43a4d, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xd8c488d5, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x47d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VVIj_dir5hfjCIYqyEk2.pps.crypted", cAlternateFileName="VVIJ_D~1.CRY")) returned 1 [0303.929] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8c5e892, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xd8c5e892, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xd9da19a1, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x1940, dwReserved0=0x0, dwReserved1=0x0, cFileName="zeGkvyC5a.pptx.crypted", cAlternateFileName="ZEGKVY~1.CRY")) returned 1 [0303.930] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9db4f97, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xd9db4f97, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xdad964bd, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0x7300, dwReserved0=0x0, dwReserved1=0x0, cFileName="zR8r9B.docx.crypted", cAlternateFileName="ZR8R9B~1.CRY")) returned 1 [0303.930] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdadad757, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xdadad757, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xdbea13f8, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xe590, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZZW2.pptx.crypted", cAlternateFileName="ZZW2PP~1.CRY")) returned 1 [0303.931] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ed28 | out: lpFindFileData=0x19ed28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdadad757, ftCreationTime.dwHighDateTime=0x1d72d91, ftLastAccessTime.dwLowDateTime=0xdadad757, ftLastAccessTime.dwHighDateTime=0x1d72d91, ftLastWriteTime.dwLowDateTime=0xdbea13f8, ftLastWriteTime.dwHighDateTime=0x1d72d91, nFileSizeHigh=0x0, nFileSizeLow=0xe590, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZZW2.pptx.crypted", cAlternateFileName="ZZW2PP~1.CRY")) returned 0 [0303.931] FindClose (in: hFindFile=0x8a7670 | out: hFindFile=0x8a7670) returned 1 [0303.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efb0) returned 1 [0303.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efbc) returned 1 [0303.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0303.932] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH", lpFilePart=0x0) returned 0x2f [0303.932] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\", lpFilePart=0x0) returned 0x30 [0303.932] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\*", lpFindFileData=0x19ece4 | out: lpFindFileData=0x19ece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb4ebeb50, ftCreationTime.dwHighDateTime=0x1d6fec9, ftLastAccessTime.dwLowDateTime=0x1d03fb0, ftLastAccessTime.dwHighDateTime=0x1d7023b, ftLastWriteTime.dwLowDateTime=0x1d03fb0, ftLastWriteTime.dwHighDateTime=0x1d7023b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8a7670 [0303.933] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb4ebeb50, ftCreationTime.dwHighDateTime=0x1d6fec9, ftLastAccessTime.dwLowDateTime=0x1d03fb0, ftLastAccessTime.dwHighDateTime=0x1d7023b, ftLastWriteTime.dwLowDateTime=0x1d03fb0, ftLastWriteTime.dwHighDateTime=0x1d7023b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0303.934] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e2e7170, ftCreationTime.dwHighDateTime=0x1d7052d, ftLastAccessTime.dwLowDateTime=0x21e4d920, ftLastAccessTime.dwHighDateTime=0x1d709dc, ftLastWriteTime.dwLowDateTime=0x21e4d920, ftLastWriteTime.dwHighDateTime=0x1d709dc, nFileSizeHigh=0x0, nFileSizeLow=0x15220, dwReserved0=0x0, dwReserved1=0x0, cFileName="15ihmDlL.ppt", cAlternateFileName="")) returned 1 [0303.934] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fa106f0, ftCreationTime.dwHighDateTime=0x1d7023d, ftLastAccessTime.dwLowDateTime=0xc3b7d9f0, ftLastAccessTime.dwHighDateTime=0x1d70608, ftLastWriteTime.dwLowDateTime=0xc3b7d9f0, ftLastWriteTime.dwHighDateTime=0x1d70608, nFileSizeHigh=0x0, nFileSizeLow=0x78c9, dwReserved0=0x0, dwReserved1=0x0, cFileName="2d44 AU8ULin.ppt", cAlternateFileName="2D44AU~1.PPT")) returned 1 [0303.935] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9220b0b0, ftCreationTime.dwHighDateTime=0x1d70289, ftLastAccessTime.dwLowDateTime=0xa6d32270, ftLastAccessTime.dwHighDateTime=0x1d70664, ftLastWriteTime.dwLowDateTime=0xa6d32270, ftLastWriteTime.dwHighDateTime=0x1d70664, nFileSizeHigh=0x0, nFileSizeLow=0x1352e, dwReserved0=0x0, dwReserved1=0x0, cFileName="7zlsQYuxwY.csv", cAlternateFileName="7ZLSQY~1.CSV")) returned 1 [0303.935] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7272ef70, ftCreationTime.dwHighDateTime=0x1d6ff06, ftLastAccessTime.dwLowDateTime=0x88045bc0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0x88045bc0, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x16bfc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DXEc.docx", cAlternateFileName="DXEC~1.DOC")) returned 1 [0303.936] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0ecbaa0, ftCreationTime.dwHighDateTime=0x1d6fb7c, ftLastAccessTime.dwLowDateTime=0xbd371910, ftLastAccessTime.dwHighDateTime=0x1d703ce, ftLastWriteTime.dwLowDateTime=0xbd371910, ftLastWriteTime.dwHighDateTime=0x1d703ce, nFileSizeHigh=0x0, nFileSizeLow=0x14816, dwReserved0=0x0, dwReserved1=0x0, cFileName="EkEyb-6ITf.pptx", cAlternateFileName="EKEYB-~1.PPT")) returned 1 [0303.936] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9b07f20, ftCreationTime.dwHighDateTime=0x1d6fbbe, ftLastAccessTime.dwLowDateTime=0xd52faa60, ftLastAccessTime.dwHighDateTime=0x1d702a1, ftLastWriteTime.dwLowDateTime=0xd52faa60, ftLastWriteTime.dwHighDateTime=0x1d702a1, nFileSizeHigh=0x0, nFileSizeLow=0x13cae, dwReserved0=0x0, dwReserved1=0x0, cFileName="ieNT9n_upIFSROR_S.ots", cAlternateFileName="IENT9N~1.OTS")) returned 1 [0303.937] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9964650, ftCreationTime.dwHighDateTime=0x1d7062c, ftLastAccessTime.dwLowDateTime=0x6deabdb0, ftLastAccessTime.dwHighDateTime=0x1d70916, ftLastWriteTime.dwLowDateTime=0x6deabdb0, ftLastWriteTime.dwHighDateTime=0x1d70916, nFileSizeHigh=0x0, nFileSizeLow=0x1297, dwReserved0=0x0, dwReserved1=0x0, cFileName="jcvL 3fubnvUWf4cJt.xlsx", cAlternateFileName="JCVL3F~1.XLS")) returned 1 [0303.937] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1233160, ftCreationTime.dwHighDateTime=0x1d709c9, ftLastAccessTime.dwLowDateTime=0x5b6babb0, ftLastAccessTime.dwHighDateTime=0x1d709e6, ftLastWriteTime.dwLowDateTime=0x5b6babb0, ftLastWriteTime.dwHighDateTime=0x1d709e6, nFileSizeHigh=0x0, nFileSizeLow=0x14886, dwReserved0=0x0, dwReserved1=0x0, cFileName="L PbXLT49O.pps", cAlternateFileName="LPBXLT~1.PPS")) returned 1 [0303.938] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6844b880, ftCreationTime.dwHighDateTime=0x1d706f4, ftLastAccessTime.dwLowDateTime=0x2932bd0, ftLastAccessTime.dwHighDateTime=0x1d70770, ftLastWriteTime.dwLowDateTime=0x2932bd0, ftLastWriteTime.dwHighDateTime=0x1d70770, nFileSizeHigh=0x0, nFileSizeLow=0x11a77, dwReserved0=0x0, dwReserved1=0x0, cFileName="lgpsCNWva.odp", cAlternateFileName="LGPSCN~1.ODP")) returned 1 [0303.938] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc948a390, ftCreationTime.dwHighDateTime=0x1d70473, ftLastAccessTime.dwLowDateTime=0x489b0f30, ftLastAccessTime.dwHighDateTime=0x1d70590, ftLastWriteTime.dwLowDateTime=0x489b0f30, ftLastWriteTime.dwHighDateTime=0x1d70590, nFileSizeHigh=0x0, nFileSizeLow=0x4b57, dwReserved0=0x0, dwReserved1=0x0, cFileName="q7e3LqkaU0S6mHq_y.ods", cAlternateFileName="Q7E3LQ~1.ODS")) returned 1 [0303.939] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadfdb5a0, ftCreationTime.dwHighDateTime=0x1d70200, ftLastAccessTime.dwLowDateTime=0x51a15000, ftLastAccessTime.dwHighDateTime=0x1d70a1b, ftLastWriteTime.dwLowDateTime=0x51a15000, ftLastWriteTime.dwHighDateTime=0x1d70a1b, nFileSizeHigh=0x0, nFileSizeLow=0x1241, dwReserved0=0x0, dwReserved1=0x0, cFileName="RgL8hCn L.xlsx", cAlternateFileName="RGL8HC~1.XLS")) returned 1 [0303.939] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24fc78b0, ftCreationTime.dwHighDateTime=0x1d6fc4f, ftLastAccessTime.dwLowDateTime=0x844894f0, ftLastAccessTime.dwHighDateTime=0x1d6fddc, ftLastWriteTime.dwLowDateTime=0x844894f0, ftLastWriteTime.dwHighDateTime=0x1d6fddc, nFileSizeHigh=0x0, nFileSizeLow=0x70e, dwReserved0=0x0, dwReserved1=0x0, cFileName="S3 4SgBzBG.odp", cAlternateFileName="S34SGB~1.ODP")) returned 1 [0303.940] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf417bca0, ftCreationTime.dwHighDateTime=0x1d7055e, ftLastAccessTime.dwLowDateTime=0x288679f0, ftLastAccessTime.dwHighDateTime=0x1d70a1d, ftLastWriteTime.dwLowDateTime=0x288679f0, ftLastWriteTime.dwHighDateTime=0x1d70a1d, nFileSizeHigh=0x0, nFileSizeLow=0x3c2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SBF9EVo5qoFQ.odp", cAlternateFileName="SBF9EV~1.ODP")) returned 1 [0303.940] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb66b4ba0, ftCreationTime.dwHighDateTime=0x1d6ff06, ftLastAccessTime.dwLowDateTime=0xb4e752b0, ftLastAccessTime.dwHighDateTime=0x1d70825, ftLastWriteTime.dwLowDateTime=0xb4e752b0, ftLastWriteTime.dwHighDateTime=0x1d70825, nFileSizeHigh=0x0, nFileSizeLow=0x3762, dwReserved0=0x0, dwReserved1=0x0, cFileName="UUKTs3LN_h-wqPfzcyaU.rtf", cAlternateFileName="UUKTS3~1.RTF")) returned 1 [0303.941] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b024aa0, ftCreationTime.dwHighDateTime=0x1d705bd, ftLastAccessTime.dwLowDateTime=0xd80479e0, ftLastAccessTime.dwHighDateTime=0x1d70973, ftLastWriteTime.dwLowDateTime=0xd80479e0, ftLastWriteTime.dwHighDateTime=0x1d70973, nFileSizeHigh=0x0, nFileSizeLow=0x14dff, dwReserved0=0x0, dwReserved1=0x0, cFileName="VUXq02W.csv", cAlternateFileName="")) returned 1 [0303.941] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84aff7f0, ftCreationTime.dwHighDateTime=0x1d705a0, ftLastAccessTime.dwLowDateTime=0xfa48aa70, ftLastAccessTime.dwHighDateTime=0x1d709f6, ftLastWriteTime.dwLowDateTime=0xfa48aa70, ftLastWriteTime.dwHighDateTime=0x1d709f6, nFileSizeHigh=0x0, nFileSizeLow=0x67fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y_wjZZRV87_.pdf", cAlternateFileName="Y_WJZZ~1.PDF")) returned 1 [0303.941] FindNextFileW (in: hFindFile=0x8a7670, lpFindFileData=0x19ecf4 | out: lpFindFileData=0x19ecf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0303.942] FindClose (in: hFindFile=0x8a7670 | out: hFindFile=0x8a7670) returned 1 [0303.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef7c) returned 1 [0303.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef88) returned 1 [0303.944] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\15ihmDlL.ppt.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\15ihmDlL.ppt.crypted", lpFilePart=0x0) returned 0x44 [0303.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0303.945] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\15ihmDlL.ppt.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\15ihmdll.ppt.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0303.946] GetFileType (hFile=0x394) returned 0x1 [0303.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0303.946] GetFileType (hFile=0x394) returned 0x1 [0305.740] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\15ihmDlL.ppt", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\15ihmDlL.ppt", lpFilePart=0x0) returned 0x3c [0305.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0305.741] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\15ihmDlL.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\15ihmdll.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0305.742] GetFileType (hFile=0x358) returned 0x1 [0305.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0305.742] GetFileType (hFile=0x358) returned 0x1 [0305.747] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef74*=0x15220, lpOverlapped=0x0) returned 1 [0305.768] WriteFile (in: hFile=0x394, lpBuffer=0x22e90a4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x22e90a4*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0305.769] WriteFile (in: hFile=0x394, lpBuffer=0x3511548*, nNumberOfBytesToWrite=0x14240, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x3511548*, lpNumberOfBytesWritten=0x19ef4c*=0x14240, lpOverlapped=0x0) returned 1 [0305.771] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0305.773] CloseHandle (hObject=0x358) returned 1 [0305.774] WriteFile (in: hFile=0x394, lpBuffer=0x22e90a4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x22e90a4*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0305.774] CloseHandle (hObject=0x394) returned 1 [0305.780] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\15ihmDlL.ppt", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\15ihmDlL.ppt", lpFilePart=0x0) returned 0x3c [0305.780] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\15ihmDlL.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\15ihmdll.ppt")) returned 1 [0305.797] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\2d44 AU8ULin.ppt.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\2d44 AU8ULin.ppt.crypted", lpFilePart=0x0) returned 0x48 [0305.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0305.797] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\2d44 AU8ULin.ppt.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\2d44 au8ulin.ppt.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0305.797] GetFileType (hFile=0x394) returned 0x1 [0305.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0305.798] GetFileType (hFile=0x394) returned 0x1 [0307.519] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\2d44 AU8ULin.ppt", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\2d44 AU8ULin.ppt", lpFilePart=0x0) returned 0x40 [0307.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0307.519] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\2d44 AU8ULin.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\2d44 au8ulin.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0307.519] GetFileType (hFile=0x358) returned 0x1 [0307.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0307.520] GetFileType (hFile=0x358) returned 0x1 [0307.523] ReadFile (in: hFile=0x358, lpBuffer=0x35257a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x35257a8*, lpNumberOfBytesRead=0x19ef74*=0x78c9, lpOverlapped=0x0) returned 1 [0307.539] WriteFile (in: hFile=0x394, lpBuffer=0x23cda94*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x23cda94*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0307.540] WriteFile (in: hFile=0x394, lpBuffer=0x23cfff8*, nNumberOfBytesToWrite=0x68e0, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x23cfff8*, lpNumberOfBytesWritten=0x19ef4c*=0x68e0, lpOverlapped=0x0) returned 1 [0307.542] ReadFile (in: hFile=0x358, lpBuffer=0x35257a8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x35257a8*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0307.542] CloseHandle (hObject=0x358) returned 1 [0307.542] WriteFile (in: hFile=0x394, lpBuffer=0x23cda94*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x23cda94*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0307.543] CloseHandle (hObject=0x394) returned 1 [0307.545] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\2d44 AU8ULin.ppt", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\2d44 AU8ULin.ppt", lpFilePart=0x0) returned 0x40 [0307.545] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\2d44 AU8ULin.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\2d44 au8ulin.ppt")) returned 1 [0307.559] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\7zlsQYuxwY.csv.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\7zlsQYuxwY.csv.crypted", lpFilePart=0x0) returned 0x46 [0307.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0307.560] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\7zlsQYuxwY.csv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\7zlsqyuxwy.csv.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0307.560] GetFileType (hFile=0x394) returned 0x1 [0307.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0307.560] GetFileType (hFile=0x394) returned 0x1 [0309.010] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\7zlsQYuxwY.csv", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\7zlsQYuxwY.csv", lpFilePart=0x0) returned 0x3e [0309.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0309.010] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\7zlsQYuxwY.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\7zlsqyuxwy.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0309.010] GetFileType (hFile=0x358) returned 0x1 [0309.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0309.011] GetFileType (hFile=0x358) returned 0x1 [0309.013] ReadFile (in: hFile=0x358, lpBuffer=0x36257c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x36257c8*, lpNumberOfBytesRead=0x19ef74*=0x1352e, lpOverlapped=0x0) returned 1 [0309.029] WriteFile (in: hFile=0x394, lpBuffer=0x24b9e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x24b9e00*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0309.031] WriteFile (in: hFile=0x394, lpBuffer=0x24bc35c*, nNumberOfBytesToWrite=0x12540, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x24bc35c*, lpNumberOfBytesWritten=0x19ef4c*=0x12540, lpOverlapped=0x0) returned 1 [0309.032] ReadFile (in: hFile=0x358, lpBuffer=0x36257c8, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x36257c8*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0309.032] CloseHandle (hObject=0x358) returned 1 [0309.034] WriteFile (in: hFile=0x394, lpBuffer=0x24b9e00*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x24b9e00*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0309.034] CloseHandle (hObject=0x394) returned 1 [0309.037] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\7zlsQYuxwY.csv", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\7zlsQYuxwY.csv", lpFilePart=0x0) returned 0x3e [0309.037] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\7zlsQYuxwY.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\7zlsqyuxwy.csv")) returned 1 [0309.043] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\DXEc.docx.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\DXEc.docx.crypted", lpFilePart=0x0) returned 0x41 [0309.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0309.043] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\DXEc.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\dxec.docx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0309.044] GetFileType (hFile=0x394) returned 0x1 [0309.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0309.044] GetFileType (hFile=0x394) returned 0x1 [0310.296] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\DXEc.docx", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\DXEc.docx", lpFilePart=0x0) returned 0x39 [0310.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0310.297] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\DXEc.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\dxec.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0310.297] GetFileType (hFile=0x358) returned 0x1 [0310.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0310.298] GetFileType (hFile=0x358) returned 0x1 [0310.302] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef74*=0x16bfc, lpOverlapped=0x0) returned 1 [0310.327] WriteFile (in: hFile=0x394, lpBuffer=0x23b33cc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x23b33cc*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0310.329] WriteFile (in: hFile=0x394, lpBuffer=0x3511548*, nNumberOfBytesToWrite=0x15c10, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x3511548*, lpNumberOfBytesWritten=0x19ef4c*=0x15c10, lpOverlapped=0x0) returned 1 [0310.331] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0310.331] CloseHandle (hObject=0x358) returned 1 [0310.333] WriteFile (in: hFile=0x394, lpBuffer=0x23b33cc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x23b33cc*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0310.333] CloseHandle (hObject=0x394) returned 1 [0310.337] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\DXEc.docx", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\DXEc.docx", lpFilePart=0x0) returned 0x39 [0310.337] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\DXEc.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\dxec.docx")) returned 1 [0310.352] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\EkEyb-6ITf.pptx.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\EkEyb-6ITf.pptx.crypted", lpFilePart=0x0) returned 0x47 [0310.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0310.352] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\EkEyb-6ITf.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\ekeyb-6itf.pptx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0310.353] GetFileType (hFile=0x394) returned 0x1 [0310.353] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0310.353] GetFileType (hFile=0x394) returned 0x1 [0312.488] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\EkEyb-6ITf.pptx", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\EkEyb-6ITf.pptx", lpFilePart=0x0) returned 0x3f [0312.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0312.488] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\EkEyb-6ITf.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\ekeyb-6itf.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0312.489] GetFileType (hFile=0x358) returned 0x1 [0312.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0312.489] GetFileType (hFile=0x358) returned 0x1 [0312.492] ReadFile (in: hFile=0x358, lpBuffer=0x3527178, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3527178*, lpNumberOfBytesRead=0x19ef74*=0x14816, lpOverlapped=0x0) returned 1 [0312.514] WriteFile (in: hFile=0x394, lpBuffer=0x2497efc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x2497efc*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0314.176] WriteFile (in: hFile=0x394, lpBuffer=0x249a458*, nNumberOfBytesToWrite=0x13830, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x249a458*, lpNumberOfBytesWritten=0x19ef4c*=0x13830, lpOverlapped=0x0) returned 1 [0314.177] ReadFile (in: hFile=0x358, lpBuffer=0x3527178, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3527178*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0314.177] CloseHandle (hObject=0x358) returned 1 [0314.178] WriteFile (in: hFile=0x394, lpBuffer=0x2497efc*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x2497efc*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0314.178] CloseHandle (hObject=0x394) returned 1 [0314.181] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\EkEyb-6ITf.pptx", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\EkEyb-6ITf.pptx", lpFilePart=0x0) returned 0x3f [0314.181] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\EkEyb-6ITf.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\ekeyb-6itf.pptx")) returned 1 [0314.190] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\ieNT9n_upIFSROR_S.ots.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\ieNT9n_upIFSROR_S.ots.crypted", lpFilePart=0x0) returned 0x4d [0314.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0314.191] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\ieNT9n_upIFSROR_S.ots.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\ient9n_upifsror_s.ots.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0314.192] GetFileType (hFile=0x394) returned 0x1 [0314.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0314.192] GetFileType (hFile=0x394) returned 0x1 [0315.377] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\ieNT9n_upIFSROR_S.ots", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\ieNT9n_upIFSROR_S.ots", lpFilePart=0x0) returned 0x45 [0315.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0315.377] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\ieNT9n_upIFSROR_S.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\ient9n_upifsror_s.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0315.378] GetFileType (hFile=0x358) returned 0x1 [0315.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0315.378] GetFileType (hFile=0x358) returned 0x1 [0315.381] ReadFile (in: hFile=0x358, lpBuffer=0x3627198, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3627198*, lpNumberOfBytesRead=0x19ef74*=0x13cae, lpOverlapped=0x0) returned 1 [0315.394] WriteFile (in: hFile=0x394, lpBuffer=0x2391340*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x2391340*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0315.406] WriteFile (in: hFile=0x394, lpBuffer=0x23938b4*, nNumberOfBytesToWrite=0x12cc0, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x23938b4*, lpNumberOfBytesWritten=0x19ef4c*=0x12cc0, lpOverlapped=0x0) returned 1 [0315.408] ReadFile (in: hFile=0x358, lpBuffer=0x3627198, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3627198*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0315.408] CloseHandle (hObject=0x358) returned 1 [0315.409] WriteFile (in: hFile=0x394, lpBuffer=0x2391340*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x2391340*, lpNumberOfBytesWritten=0x19ef24*=0x10, lpOverlapped=0x0) returned 1 [0315.409] CloseHandle (hObject=0x394) returned 1 [0315.412] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\ieNT9n_upIFSROR_S.ots", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\ieNT9n_upIFSROR_S.ots", lpFilePart=0x0) returned 0x45 [0315.412] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\ieNT9n_upIFSROR_S.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\ient9n_upifsror_s.ots")) returned 1 [0315.416] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\jcvL 3fubnvUWf4cJt.xlsx.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\jcvL 3fubnvUWf4cJt.xlsx.crypted", lpFilePart=0x0) returned 0x4f [0315.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0315.416] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\jcvL 3fubnvUWf4cJt.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\jcvl 3fubnvuwf4cjt.xlsx.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0315.416] GetFileType (hFile=0x394) returned 0x1 [0315.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0315.416] GetFileType (hFile=0x394) returned 0x1 [0316.535] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\jcvL 3fubnvUWf4cJt.xlsx", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\jcvL 3fubnvUWf4cJt.xlsx", lpFilePart=0x0) returned 0x47 [0316.535] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0316.535] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\jcvL 3fubnvUWf4cJt.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\jcvl 3fubnvuwf4cjt.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x358 [0316.535] GetFileType (hFile=0x358) returned 0x1 [0316.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0316.536] GetFileType (hFile=0x358) returned 0x1 [0316.538] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef74*=0x1297, lpOverlapped=0x0) returned 1 [0316.548] WriteFile (in: hFile=0x394, lpBuffer=0x248bb10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19ef4c, lpOverlapped=0x0 | out: lpBuffer=0x248bb10*, lpNumberOfBytesWritten=0x19ef4c*=0x1000, lpOverlapped=0x0) returned 1 [0316.550] ReadFile (in: hFile=0x358, lpBuffer=0x3410548, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x19ef74, lpOverlapped=0x0 | out: lpBuffer=0x3410548*, lpNumberOfBytesRead=0x19ef74*=0x0, lpOverlapped=0x0) returned 1 [0316.550] CloseHandle (hObject=0x358) returned 1 [0316.550] WriteFile (in: hFile=0x394, lpBuffer=0x248bb10*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0x19ef24, lpOverlapped=0x0 | out: lpBuffer=0x248bb10*, lpNumberOfBytesWritten=0x19ef24*=0x2c0, lpOverlapped=0x0) returned 1 [0316.550] CloseHandle (hObject=0x394) returned 1 [0316.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\jcvL 3fubnvUWf4cJt.xlsx", nBufferLength=0x105, lpBuffer=0x19eab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\jcvL 3fubnvUWf4cJt.xlsx", lpFilePart=0x0) returned 0x47 [0316.553] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\jcvL 3fubnvUWf4cJt.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\jcvl 3fubnvuwf4cjt.xlsx")) returned 1 [0316.557] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\L PbXLT49O.pps.crypted", nBufferLength=0x105, lpBuffer=0x19e9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\L PbXLT49O.pps.crypted", lpFilePart=0x0) returned 0x46 [0316.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0316.557] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\IDhWz54EjpbS8oH\\L PbXLT49O.pps.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\idhwz54ejpbs8oh\\l pbxlt49o.pps.crypted"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x394 [0316.557] GetFileType (hFile=0x394) returned 0x1 [0316.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0316.557] GetFileType (hFile=0x394) returned 0x1 Thread: id = 2 os_tid = 0x4b0 Thread: id = 3 os_tid = 0xe64 Thread: id = 4 os_tid = 0xe9c [0115.521] CoGetContextToken (in: pToken=0x43bfc3c | out: pToken=0x43bfc3c) returned 0x800401f0 [0115.522] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0115.522] RoInitialize () returned 0x1 [0115.522] RoUninitialize () returned 0x0 [0206.302] WriteFile (in: hFile=0x358, lpBuffer=0x22d8470*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x43bfb40, lpOverlapped=0x0 | out: lpBuffer=0x22d8470*, lpNumberOfBytesWritten=0x43bfb40*=0x20, lpOverlapped=0x0) returned 1 [0206.303] CloseHandle (hObject=0x358) returned 1 Thread: id = 5 os_tid = 0x1374 Thread: id = 6 os_tid = 0x13e0 Thread: id = 7 os_tid = 0x98c Thread: id = 8 os_tid = 0xff8